Details of VAR-202105-1385

ID

VAR-202105-1385

CVE

CVE-2021-32458

TITLE

Trend Micro Home Network Security Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-007441

DESCRIPTION

Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. Used to scan all incoming and outgoing home network traffic to prevent intrusions, prevent hacker attacks and network threats, and protect privacy. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2021-32458 // JVNDB: JVNDB-2021-007441 // CNVD: CNVD-2021-39690 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-32458

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-39690

AFFECTED PRODUCTS

vendor:	trendmicro	model:	home network security	scope:	lte	version:	6.6.604	Trust: 1.0
vendor:	トレンドマイクロ	model:	trend micro home network security	scope:	lte	version:	6.6.604 and earlier	Trust: 0.8
vendor:	トレンドマイクロ	model:	trend micro home network security	scope:	eq	version:	-	Trust: 0.8
vendor:	trend micro	model:	home network security	scope:	eq	version:	6.1.567	Trust: 0.6

sources: CNVD: CNVD-2021-39690 // JVNDB: JVNDB-2021-007441 // NVD: CVE-2021-32458

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-32458
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-32458
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-39690
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1515
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-32458
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-32458
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-39690
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-32458
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-32458
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-39690 // VULMON: CVE-2021-32458 // JVNDB: JVNDB-2021-007441 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1515 // NVD: CVE-2021-32458

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007441 // NVD: CVE-2021-32458

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1515

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Security Bulletin	url:	https://helpcenter.trendmicro.com/en-us/article/TMKA-10337	Trust: 0.8
title:	Patch for Trend Micro Home Network Security Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/270201	Trust: 0.6
title:	Trend Micro Home Network Security Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153052	Trust: 0.6
title:	CVE-2021-32458	url:	https://github.com/JamesGeeee/CVE-2021-32458	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/trend-micro-bugs-home-network-security/166453/	Trust: 0.1

sources: CNVD: CNVD-2021-39690 // VULMON: CVE-2021-32458 // JVNDB: JVNDB-2021-007441 // CNNVD: CNNVD-202105-1515

EXTERNAL IDS

db:	NVD	id:	CVE-2021-32458	Trust: 3.9
db:	TALOS	id:	TALOS-2021-1231	Trust: 1.7
db:	JVN	id:	JVNVU92417259	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-007441	Trust: 0.8
db:	CNVD	id:	CNVD-2021-39690	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021052509	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1515	Trust: 0.6
db:	VULMON	id:	CVE-2021-32458	Trust: 0.1

sources: CNVD: CNVD-2021-39690 // VULMON: CVE-2021-32458 // JVNDB: JVNDB-2021-007441 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1515 // NVD: CVE-2021-32458

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2021-1231	Trust: 2.3
url:	https://helpcenter.trendmicro.com/en-us/article/tmka-10337	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32458	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu92417259/	Trust: 0.8
url:	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-32458	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052509	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://github.com/jamesgeeee/cve-2021-32458	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/trend-micro-bugs-home-network-security/166453/	Trust: 0.1

sources: CNVD: CNVD-2021-39690 // VULMON: CVE-2021-32458 // JVNDB: JVNDB-2021-007441 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1515 // NVD: CVE-2021-32458

SOURCES

db:	CNVD	id:	CNVD-2021-39690
db:	VULMON	id:	CVE-2021-32458
db:	JVNDB	id:	JVNDB-2021-007441
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1515
db:	NVD	id:	CVE-2021-32458

LAST UPDATE DATE

2024-08-14T12:49:46.313000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-39690	date:	2021-06-05T00:00:00
db:	VULMON	id:	CVE-2021-32458	date:	2021-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-007441	date:	2022-02-10T08:59:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1515	date:	2021-06-09T00:00:00
db:	NVD	id:	CVE-2021-32458	date:	2021-06-07T19:08:49.727

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-39690	date:	2021-05-24T00:00:00
db:	VULMON	id:	CVE-2021-32458	date:	2021-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-007441	date:	2022-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1515	date:	2021-05-24T00:00:00
db:	NVD	id:	CVE-2021-32458	date:	2021-05-27T11:15:07.313