CVE-2021-42563

HIGH

7.8

Description

There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.

Details CVE

Score CVSS v3.17.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie11/12/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

microsoft:windowsni:ni_service_locator

Faiblesses (CWE)

CWE-428

References

https://www.ni.com/en-us/support/documentation/supplemental/21/unquoted-service-path-in-ni-service-locator.html(cve@mitre.org)

https://www.ni.com/en-us/support/documentation/supplemental/21/unquoted-service-path-in-ni-service-locator.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.