CVE-2021-38469 CRITICAL

CVE-2021-38469: AUVESY Versiondog

Vendor Auvesy
Product Versiondog
Weakness CWE-427
Published October 22, 2021
Last update September 16, 2024

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL.

Key dates

02Disclosure timeline

October 22, 2021 CVE published
September 16, 2024 Record updated