CVE-2021-35508 — HIGH (8.8)

Vulnerability Description

NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Terarecon	Aquariusnet	4.4.13

Related Weaknesses (CWE)

CWE-732

References

https://terarecon.sharefile.com/d-s05c8b7792f354a2d8115789a02449c4aProductThird Party Advisory
https://www.linkedin.com/pulse/cve-2021-35508-privilege-escalation-via-weak-windExploitThird Party Advisory
https://terarecon.sharefile.com/d-s05c8b7792f354a2d8115789a02449c4aProductThird Party Advisory
https://www.linkedin.com/pulse/cve-2021-35508-privilege-escalation-via-weak-windExploitThird Party Advisory

FAQ

What is CVE-2021-35508?

CVE-2021-35508 is a vulnerability with a CVSS score of 8.8 (HIGH). NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must cha...

How severe is CVE-2021-35508?

CVE-2021-35508 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-35508?

Check the references section above for vendor advisories and patch information. Affected products include: Terarecon Aquariusnet.