CVE-2021-22961 – This vulnerability allows attackers to execute ... (How to Fix)

Q: What is the severity of CVE-2021-22961?

CVE-2021-22961 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows attackers to execute arbitrary code on systems running GlassWire firewall software by exploiting a code injection flaw during first execution. Users of GlassWire v2.1.167 are affected, potentially enabling complete system compromise.

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code on systems running GlassWire firewall software by exploiting a code injection flaw during first execution. Users of GlassWire v2.1.167 are affected, potentially enabling complete system compromise.

💻 Affected Systems

Products:

GlassWire

Versions: v2.1.167

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability triggers on first execution from user path, requiring local access or file placement capability.

📦 What is this software?

Glasswire by Glasswire

View all CVEs affecting Glasswire →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with administrative privileges, allowing data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to sensitive system resources and user data.

🟢

If Mitigated

Limited impact if proper application whitelisting and least privilege principles are enforced.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires placing malicious file in user path and triggering execution, but technical details are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.1.168 or later

Vendor Advisory: https://hackerone.com/reports/1193641

Restart Required: Yes

Instructions:

1. Download latest GlassWire version from official website. 2. Uninstall current version. 3. Install updated version. 4. Restart system.

🔧 Temporary Workarounds

Remove vulnerable version

windows

Uninstall GlassWire v2.1.167 completely until patched version can be installed.

Control Panel > Programs > Uninstall GlassWire

Restrict user path execution

windows

Implement application control policies to prevent execution from user directories.

🧯 If You Can't Patch

Implement strict application whitelisting to prevent unauthorized executables
Use endpoint detection and response (EDR) tools to monitor for suspicious process creation

🔍 How to Verify

Check if Vulnerable:

Check GlassWire version in About dialog or Programs list - if version is exactly 2.1.167, system is vulnerable.

Check Version:

wmic product where name="GlassWire" get version

Verify Fix Applied:

Verify installed version is 2.1.168 or higher in About dialog.

📡 Detection & Monitoring

Log Indicators:

Unexpected GlassWire process creation from user directories
File creation events in user path followed by GlassWire execution

Network Indicators:

Unusual outbound connections from GlassWire process

SIEM Query:

Process Creation where Image contains "GlassWire" and CommandLine contains user path patterns

📊 Metadata

CVE ID: CVE-2021-22961

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-94

Published: October 18, 2021

Last Updated: November 21, 2024

🔗 References

https://hackerone.com/reports/1193641 Permissions Required
https://hackerone.com/reports/1193641 Permissions Required

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22961, you might also want to check these: