Vulnerability-Lookup

CVE-2021-32458 (GCVE-0-2021-32458)

Vulnerability from cvelistv5 – Published: 2021-05-27 10:34 – Updated: 2024-08-03 23:17

Summary

Severity ?

No CVSS data available.

CWE

iotcl Stack-Based Buffer Overflow

Assigner

trendmicro

References

URL

	Vendor	Product	Version
	Trend Micro	Trend Micro Home Network Security	Affected: 6.6.604 and below

VAR-202105-1385

Vulnerability from variot - Updated: 2024-08-14 12:49

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. Used to scan all incoming and outgoing home network traffic to prevent intrusions, prevent hacker attacks and network threats, and protect privacy. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1385",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "home network security",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trendmicro",
        "version": "6.6.604"
      },
      {
        "model": "trend micro home network security",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
        "version": "6.6.604  and earlier"
      },
      {
        "model": "trend micro home network security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
        "version": null
      },
      {
        "model": "home network security",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trend micro",
        "version": "6.1.567"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-39690"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-007441"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32458"
      }
    ]
  },
  "cve": "CVE-2021-32458",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-32458",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2021-39690",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-32458",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-32458",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-32458",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-32458",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-39690",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202105-1515",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-32458",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-39690"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-007441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1515"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32458"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. Used to scan all incoming and outgoing home network traffic to prevent intrusions, prevent hacker attacks and network threats, and protect privacy. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-007441"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-39690"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32458"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-32458",
        "trust": 3.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2021-1231",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU92417259",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-007441",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-39690",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052509",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1515",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32458",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-39690"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-007441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1515"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32458"
      }
    ]
  },
  "id": "VAR-202105-1385",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-39690"
      }
    ],
    "trust": 1.05125483
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-39690"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:49:46.313000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security\u00a0Bulletin",
        "trust": 0.8,
        "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10337"
      },
      {
        "title": "Patch for Trend Micro Home Network Security Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/270201"
      },
      {
        "title": "Trend Micro Home Network Security Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153052"
      },
      {
        "title": "CVE-2021-32458",
        "trust": 0.1,
        "url": "https://github.com/JamesGeeee/CVE-2021-32458 "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/trend-micro-bugs-home-network-security/166453/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-39690"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-007441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1515"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-007441"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32458"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1231"
      },
      {
        "trust": 1.7,
        "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10337"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32458"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92417259/"
      },
      {
        "trust": 0.6,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-32458"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052509"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/jamesgeeee/cve-2021-32458"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/trend-micro-bugs-home-network-security/166453/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-39690"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-007441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1515"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32458"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-39690"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-007441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1515"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32458"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-39690"
      },
      {
        "date": "2021-05-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32458"
      },
      {
        "date": "2022-02-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-007441"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1515"
      },
      {
        "date": "2021-05-27T11:15:07.313000",
        "db": "NVD",
        "id": "CVE-2021-32458"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-39690"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32458"
      },
      {
        "date": "2022-02-10T08:59:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-007441"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1515"
      },
      {
        "date": "2021-06-07T19:08:49.727000",
        "db": "NVD",
        "id": "CVE-2021-32458"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1515"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trend\u00a0Micro\u00a0Home\u00a0Network\u00a0Security\u00a0 Out-of-bounds Vulnerability in Microsoft",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-007441"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

GHSA-PF2V-6J36-J2XG

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03

Details

A privilege escalation vulnerability exists in the tdts.ko chrdev_ioctl_handle functionality of Trend Micro, Inc. Home Network Security 6.1.567. A specially crafted ioctl can lead to code execution. An attacker can issue an ioctl to trigger this vulnerability.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-32458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-27T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "A privilege escalation vulnerability exists in the tdts.ko chrdev_ioctl_handle functionality of Trend Micro, Inc. Home Network Security 6.1.567. A specially crafted ioctl can lead to code execution. An attacker can issue an ioctl to trigger this vulnerability.",
  "id": "GHSA-pf2v-6j36-j2xg",
  "modified": "2022-05-24T19:03:31Z",
  "published": "2022-05-24T19:03:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32458"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10337"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1231"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2021-39690

Vulnerability from cnvd - Published: 2021-05-24

Title

Trend Micro Home Network Security权限提升漏洞

Description

Trend Micro Home Network Security是美国趋势科技（Trend Micro）公司的一个网络设备。用于扫描所有传入和传出家庭网络的流量，以防止入侵，阻止黑客攻击和网络威胁以及保护隐私。 Trend Micro Home Network Security 6.1.567的tdts.ko chrdev_ioctl_handle功能存在权限提升漏洞。攻击者可借助特制的ioctl利用该漏洞执行代码。

Severity

中

Patch Name

Trend Micro Home Network Security权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.trendmicro.com/en_us/forHome/products/homenetworksecurity.html

Reference

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32458

Impacted products

Name
Trend Micro Home Network Security 6.1.567

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-32458",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-32458"
    }
  },
  "description": "Trend Micro Home Network Security\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7f51\u7edc\u8bbe\u5907\u3002\u7528\u4e8e\u626b\u63cf\u6240\u6709\u4f20\u5165\u548c\u4f20\u51fa\u5bb6\u5ead\u7f51\u7edc\u7684\u6d41\u91cf\uff0c\u4ee5\u9632\u6b62\u5165\u4fb5\uff0c\u963b\u6b62\u9ed1\u5ba2\u653b\u51fb\u548c\u7f51\u7edc\u5a01\u80c1\u4ee5\u53ca\u4fdd\u62a4\u9690\u79c1\u3002\n\nTrend Micro Home Network Security 6.1.567\u7684tdts.ko chrdev_ioctl_handle\u529f\u80fd\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684ioctl\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.trendmicro.com/en_us/forHome/products/homenetworksecurity.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-39690",
  "openTime": "2021-05-24",
  "patchDescription": "Trend Micro Home Network Security\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7f51\u7edc\u8bbe\u5907\u3002\u7528\u4e8e\u626b\u63cf\u6240\u6709\u4f20\u5165\u548c\u4f20\u51fa\u5bb6\u5ead\u7f51\u7edc\u7684\u6d41\u91cf\uff0c\u4ee5\u9632\u6b62\u5165\u4fb5\uff0c\u963b\u6b62\u9ed1\u5ba2\u653b\u51fb\u548c\u7f51\u7edc\u5a01\u80c1\u4ee5\u53ca\u4fdd\u62a4\u9690\u79c1\u3002\r\n\r\nTrend Micro Home Network Security 6.1.567\u7684tdts.ko chrdev_ioctl_handle\u529f\u80fd\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684ioctl\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Trend Micro Home Network Security\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Trend Micro Home Network Security 6.1.567"
  },
  "referenceLink": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32458",
  "serverity": "\u4e2d",
  "submitTime": "2021-06-02",
  "title": "Trend Micro Home Network Security\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

GSD-2021-32458

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-32458

Aliases

CVE-2021-32458

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-32458",
    "description": "Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability.",
    "id": "GSD-2021-32458"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-32458"
      ],
      "details": "Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability.",
      "id": "GSD-2021-32458",
      "modified": "2023-12-13T01:23:08.707687Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@trendmicro.com",
        "ID": "CVE-2021-32458",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trend Micro Home Network Security",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "6.6.604 and below"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trend Micro"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "iotcl Stack-Based Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10337",
            "refsource": "MISC",
            "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10337"
          },
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:home_network_security:*:*:*:en:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.6.604",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:home_network_security:*:*:*:ja:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.6.604",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:home_network_security:*:*:*:zh:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.6.604",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-32458"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231"
            },
            {
              "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10337",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10337"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-06-07T19:08Z",
      "publishedDate": "2021-05-27T11:15Z"
    }
  }
}

FKIE_CVE-2021-32458

Vulnerability from fkie_nvd - Published: 2021-05-27 11:15 - Updated: 2024-11-21 06:07

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@trendmicro.com	https://helpcenter.trendmicro.com/en-us/article/TMKA-10337	Vendor Advisory
security@trendmicro.com	https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://helpcenter.trendmicro.com/en-us/article/TMKA-10337	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231	Third Party Advisory

Impacted products

Vendor	Product	Version
trendmicro	home_network_security	*
trendmicro	home_network_security	*
trendmicro	home_network_security	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:home_network_security:*:*:*:en:*:*:*:*",
              "matchCriteriaId": "6CA71C14-AE1C-44AF-8CFF-8461DBA0CA78",
              "versionEndIncluding": "6.6.604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:home_network_security:*:*:*:ja:*:*:*:*",
              "matchCriteriaId": "1EE779A2-BE6E-4EF1-B22E-D2ED7CA3C74D",
              "versionEndIncluding": "6.6.604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:home_network_security:*:*:*:zh:*:*:*:*",
              "matchCriteriaId": "D5C7D541-00E5-4BF7-8191-9BA2BB5CD931",
              "versionEndIncluding": "6.6.604",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "La versi\u00f3n 6.6.604 y anteriores de Trend Micro Home Network Security son vulnerables a una vulnerabilidad de desbordamiento del b\u00fafer basada en la pila de iotcl que podr\u00eda permitir a un atacante emitir un iotcl especialmente dise\u00f1ado que podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo en los dispositivos afectados. Un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con pocos privilegios en el dispositivo de destino para poder explotar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-32458",
  "lastModified": "2024-11-21T06:07:04.507",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-27T11:15:07.313",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10337"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-32458 (GCVE-0-2021-32458)

VAR-202105-1385

GHSA-PF2V-6J36-J2XG

CNVD-2021-39690

GSD-2021-32458

FKIE_CVE-2021-32458

Tags

Sightings

Nomenclature