CVE-2021-27766 - OpenCVE

The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcltech	Bigfix Platform

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:bigfix_platform::::::::
	cpe:2.3:a:hcltech:bigfix_platform::::::::

No data.

References

Link	Providers
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0024/MNDT-2022-0024.md
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116

History

No history.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2022-05-06T18:10:38.317312Z

Updated: 2024-09-17T03:52:58.363Z

Reserved: 2021-02-26T00:00:00

Link: CVE-2021-27766

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-06T18:15:09.070

Modified: 2022-05-16T17:35:04.947

Link: CVE-2021-27766

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "BigFix Platform", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "9.5 - 9.5.18, 10 - 10.0.5"}]}], "credits": [{"lang": "en", "value": "HCL Software would like to thank Mandiant for responsibly reporting this vulnerability."}], "datePublic": "2022-04-21T00:00:00", "descriptions": [{"lang": "en", "value": "The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-12T14:42:12", "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0024/MNDT-2022-0024.md"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL BigFix Platform Client is affected by a Privilege Escalation Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@hcl.com", "DATE_PUBLIC": "2022-04-21T00:00:00.000Z", "ID": "CVE-2021-27766", "STATE": "PUBLIC", "TITLE": "HCL BigFix Platform Client is affected by a Privilege Escalation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BigFix Platform", "version": {"version_data": [{"version_value": "9.5 - 9.5.18, 10 - 10.0.5"}]}}]}, "vendor_name": "HCL Software"}]}}, "credit": [{"lang": "eng", "value": "HCL Software would like to thank Mandiant for responsibly reporting this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "references": {"reference_data": [{"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116", "refsource": "MISC", "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116"}, {"name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0024/MNDT-2022-0024.md", "refsource": "MISC", "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0024/MNDT-2022-0024.md"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:26:10.881Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0024/MNDT-2022-0024.md"}]}]}, "cveMetadata": {"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "assignerShortName": "HCL", "cveId": "CVE-2021-27766", "datePublished": "2022-05-06T18:10:38.317312Z", "dateReserved": "2021-02-26T00:00:00", "dateUpdated": "2024-09-17T03:52:58.363Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7F891B6-507E-4F65-8F27-5C8893C8C911", "versionEndIncluding": "9.5.18", "versionStartIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AC80717-EA80-4FB3-83A6-E8DD4E7FB1B7", "versionEndIncluding": "10.0.5", "versionStartIncluding": "10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed."}, {"lang": "es", "value": "El instalador de BigFix Client es creado con InstallShield, que estaba afectado por CVE-2021-41526, una vulnerabilidad que pod\u00eda permitir a un usuario local llevar a cabo una elevaci\u00f3n de privilegios. Esta vulnerabilidad fue resuelta mediante la actualizaci\u00f3n a una versi\u00f3n de InstallShield con la vulnerabilidad subyacente corregida"}], "id": "CVE-2021-27766", "lastModified": "2022-05-16T17:35:04.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.7, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2022-05-06T18:15:09.070", "references": [{"source": "psirt@hcl.com", "tags": ["Third Party Advisory"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0024/MNDT-2022-0024.md"}, {"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "psirt@hcl.com", "type": "Secondary"}]}