CVE-2021-41526

{"id": "CVE-2021-41526", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-03-29T21:15:07.810", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Apr/24", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md", "tags": ["Third Party Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Apr/24", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked \u2018repair\u2019 of the MSI which has an InstallScript custom action."}], "lastModified": "2024-11-21T06:26:21.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flexera:revenera_installshield:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "ED638412-2AD6-4860-9B87-C863984346AA", "versionEndExcluding": "2021"}, {"criteria": "cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "08F8E0A6-92A1-4F49-B9C8-1698858587F4"}, {"criteria": "cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "7396B001-F8E1-48FB-AF78-E2FA8D81D662"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}