PT-2021-23536 · Allegro · Allegro
Dominique Righetto
·
Published
2021-12-08
·
Updated
2021-12-10
·
CVE-2021-42110
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Allegro Windows versions prior to 3.3.4156.1
Description
The issue allows a standard user to escalate privileges to SYSTEM if the FTP module is installed, due to DLL hijacking.
Recommendations
For versions prior to 3.3.4156.1, update to version 3.3.4156.1 or later to resolve the issue. As a temporary workaround, consider uninstalling or disabling the FTP module until a patch is applied.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Allegro