ID

VAR-202112-2045


CVE

CVE-2021-20172


TITLE

Improper permission assignment for critical resources vulnerability in Netgear Genie Installer for macOS

Trust: 0.8

sources: JVNDB: JVNDB-2021-017413

DESCRIPTION

All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which the software is going to be installed may overwrite certain files to obtain privilege escalation to root. It may be put into a denial-of-service (DoS) state. Netgear genie is a program from Netgear that presents itself as a dashboard

Trust: 1.8

sources: NVD: CVE-2021-20172 // JVNDB: JVNDB-2021-017413 // VULHUB: VHN-377848 // VULMON: CVE-2021-20172

AFFECTED PRODUCTS

vendor: netgear, model: genie installer, scope: eq, version: -

Trust: 1.0

vendor: ネットギア, model: genie installer, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: genie installer, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017413 // NVD: CVE-2021-20172

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20172
value: HIGH

Trust: 1.0

NVD: CVE-2021-20172
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-2811
value: HIGH

Trust: 0.6

VULHUB: VHN-377848
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-20172
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-377848
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-20172
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20172
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-377848 // JVNDB: JVNDB-2021-017413 // CNNVD: CNNVD-202112-2811 // NVD: CVE-2021-20172

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.1

problemtype: Improper permission assignment for critical resources (CWE-732) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-377848 // JVNDB: JVNDB-2021-017413 // NVD: CVE-2021-20172

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2811

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202112-2811

PATCH

title: Top Page, url: https://www.netgear.com/

Trust: 0.8

title: Netgear genie Fixes for permissions and access control issues vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176859

Trust: 0.6

sources: JVNDB: JVNDB-2021-017413 // CNNVD: CNNVD-202112-2811

EXTERNAL IDS

db: NVD, id: CVE-2021-20172

Trust: 3.4

db: TENABLE, id: TRA-2021-56

Trust: 2.6

db: JVNDB, id: JVNDB-2021-017413

Trust: 0.8

db: CNNVD, id: CNNVD-202112-2811

Trust: 0.7

db: CS-HELP, id: SB2022010309

Trust: 0.6

db: CNVD, id: CNVD-2022-02646

Trust: 0.1

db: VULHUB, id: VHN-377848

Trust: 0.1

db: VULMON, id: CVE-2021-20172

Trust: 0.1

sources: VULHUB: VHN-377848 // VULMON: CVE-2021-20172 // JVNDB: JVNDB-2021-017413 // CNNVD: CNNVD-202112-2811 // NVD: CVE-2021-20172

REFERENCES

url: https://www.tenable.com/security/research/tra-2021-56

Trust: 2.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-20172

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2022010309

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-377848 // VULMON: CVE-2021-20172 // JVNDB: JVNDB-2021-017413 // CNNVD: CNNVD-202112-2811 // NVD: CVE-2021-20172

SOURCES

db: VULHUB, id: VHN-377848
db: VULMON, id: CVE-2021-20172
db: JVNDB, id: JVNDB-2021-017413
db: CNNVD, id: CNNVD-202112-2811
db: NVD, id: CVE-2021-20172

LAST UPDATE DATE

2024-08-14T15:16:57.731000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-377848, date: 2022-07-12T00:00:00
db: VULMON, id: CVE-2021-20172, date: 2021-12-31T00:00:00
db: JVNDB, id: JVNDB-2021-017413, date: 2023-01-18T00:57:00
db: CNNVD, id: CNNVD-202112-2811, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2021-20172, date: 2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db: VULHUB, id: VHN-377848, date: 2021-12-30T00:00:00
db: VULMON, id: CVE-2021-20172, date: 2021-12-30T00:00:00
db: JVNDB, id: JVNDB-2021-017413, date: 2023-01-18T00:00:00
db: CNNVD, id: CNNVD-202112-2811, date: 2021-12-30T00:00:00
db: NVD, id: CVE-2021-20172, date: 2021-12-30T22:15:09.707