CVE-2021-22038

CVE Database · CVE-2021-22038

CVE-2021-22038

· HIGHModified

CVSS v3.1

8.8

EPSS

0.96%

Published

Oct 29, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-330

Affected Products (1)

vmware · installbuilder (up to 21.6.0)vulnerable

References (2)

https://blog.installbuilder.com/2021/10/installbuilder-2160-released.html

Release NotesVendor Advisory

https://blog.installbuilder.com/2021/10/installbuilder-2160-released.html

Release NotesVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs