CVE-2021-27766

Description

The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Affected products

HCL Software / BigFix Platform9.5 - 9.5.18, 10 - 10.0.5 – 9.5 - 9.5.18, 10 - 10.0.5

References

MISChttps://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116
MISChttps://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0024/MNDT-2022-0024.md