Vulnerability Details CVE-2021-27579
Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.4
References
Products affected by CVE-2021-27579
-
cpe:2.3:a:snowsoftware:snow_inventory_agent:5.3.1
-
cpe:2.3:a:snowsoftware:snow_inventory_agent:6.0.0
-
cpe:2.3:a:snowsoftware:snow_inventory_agent:6.0.2
-
cpe:2.3:a:snowsoftware:snow_inventory_agent:6.1.0
-
cpe:2.3:a:snowsoftware:snow_inventory_agent:6.2.0
-
cpe:2.3:a:snowsoftware:snow_inventory_agent:6.2.1
-
cpe:2.3:a:snowsoftware:snow_inventory_agent:6.3.0
-
cpe:2.3:a:snowsoftware:snow_inventory_agent:6.5.0
-
cpe:2.3:a:snowsoftware:snow_inventory_agent:6.6.0
-
cpe:2.3:a:snowsoftware:snow_inventory_agent:6.7.0