Details of VAR-202105-1384

ID

VAR-202105-1384

CVE

CVE-2021-32457

TITLE

Trend Micro Home Network Security Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2021-007308

DESCRIPTION

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. Trend Micro Home Network Security Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Trend Micro Home Network Security is a network device of Trend Micro (Trend Micro). Used to scan all incoming and outgoing home network traffic to prevent intrusions, prevent hacker attacks and network threats, and protect privacy. Attackers can take advantage of this vulnerability to elevate permissions with the help of a special ioctl. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.7

sources: NVD: CVE-2021-32457 // JVNDB: JVNDB-2021-007308 // CNVD: CNVD-2021-39159 // CNNVD: CNNVD-202104-975

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-39159

AFFECTED PRODUCTS

vendor:	trendmicro	model:	home network security	scope:	lte	version:	6.6.604	Trust: 1.0
vendor:	トレンドマイクロ	model:	trend micro home network security	scope:	lte	version:	6.6.604 and earlier	Trust: 0.8
vendor:	トレンドマイクロ	model:	trend micro home network security	scope:	eq	version:	-	Trust: 0.8
vendor:	trend micro	model:	home network security	scope:	eq	version:	6.1.567	Trust: 0.6

sources: CNVD: CNVD-2021-39159 // JVNDB: JVNDB-2021-007308 // NVD: CVE-2021-32457

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-32457
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-32457
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-39159
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1502
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-32457
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-39159
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-32457
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-32457
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-39159 // JVNDB: JVNDB-2021-007308 // CNNVD: CNNVD-202105-1502 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-32457

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007308 // NVD: CVE-2021-32457

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1502

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202105-1502

PATCH

title:	Security Bulletin	url:	https://helpcenter.trendmicro.com/en-us/article/TMKA-10337	Trust: 0.8
title:	Patch for Trend Micro Home Network Security Privilege Escalation Vulnerability (CNVD-2021-39159)	url:	https://www.cnvd.org.cn/patchInfo/show/269666	Trust: 0.6
title:	Trend Micro Home Network Security Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151688	Trust: 0.6

sources: CNVD: CNVD-2021-39159 // JVNDB: JVNDB-2021-007308 // CNNVD: CNNVD-202105-1502

EXTERNAL IDS

db:	NVD	id:	CVE-2021-32457	Trust: 3.8
db:	TALOS	id:	TALOS-2021-1230	Trust: 2.2
db:	JVN	id:	JVNVU92417259	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-007308	Trust: 0.8
db:	CNVD	id:	CNVD-2021-39159	Trust: 0.6
db:	CS-HELP	id:	SB2021052509	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1502	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6

sources: CNVD: CNVD-2021-39159 // JVNDB: JVNDB-2021-007308 // CNNVD: CNNVD-202105-1502 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-32457

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2021-1230	Trust: 2.8
url:	https://helpcenter.trendmicro.com/en-us/article/tmka-10337	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu92417259/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32457	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021052509	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6

sources: CNVD: CNVD-2021-39159 // JVNDB: JVNDB-2021-007308 // CNNVD: CNNVD-202105-1502 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-32457

SOURCES

db:	CNVD	id:	CNVD-2021-39159
db:	JVNDB	id:	JVNDB-2021-007308
db:	CNNVD	id:	CNNVD-202105-1502
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-32457

LAST UPDATE DATE

2024-08-14T12:06:09.872000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-39159	date:	2021-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-007308	date:	2022-02-07T08:44:00
db:	CNNVD	id:	CNNVD-202105-1502	date:	2022-05-05T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-32457	date:	2022-06-03T19:42:35.780

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-39159	date:	2021-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-007308	date:	2022-02-07T00:00:00
db:	CNNVD	id:	CNNVD-202105-1502	date:	2021-05-24T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-32457	date:	2021-05-26T14:15:08.773