CVE-2021-38469

CRITICAL

Auvesy versiondog <= 8.0.0 - DLL Hijacking

Title source: llm

Description

Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL.

References (1)

[Patch, Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-21-292-01

Scores

CVSS v3 9.1

EPSS 0.0013

EPSS Percentile 32.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

auvesy/versiondog < 8.0.0

Timeline

Published Oct 22, 2021

Tracked Since Feb 18, 2026