Vulnerability Details CVE-2021-37852
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows
- https://www.zerodayinitiative.com/advisories/ZDI-22-148/
- https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows
- https://www.zerodayinitiative.com/advisories/ZDI-22-148/
Products affected by CVE-2021-37852
-
cpe:2.3:a:eset:endpoint_antivirus:6.6.2046.0
-
cpe:2.3:a:eset:endpoint_antivirus:8.0
-
cpe:2.3:a:eset:endpoint_antivirus:8.1
-
cpe:2.3:a:eset:endpoint_antivirus:9.0
-
cpe:2.3:a:eset:endpoint_security:6.6.2046.0
-
cpe:2.3:a:eset:endpoint_security:8.0
-
cpe:2.3:a:eset:endpoint_security:8.1
-
cpe:2.3:a:eset:endpoint_security:9.0
-
cpe:2.3:a:eset:file_security:7.0.12014.0
-
cpe:2.3:a:eset:file_security:7.2
-
cpe:2.3:a:eset:internet_security:10.0.337.1
-
cpe:2.3:a:eset:mail_security:7.0.10019
-
cpe:2.3:a:eset:mail_security:7.0.14008.0
-
cpe:2.3:a:eset:mail_security:7.2
-
cpe:2.3:a:eset:mail_security:8.0
-
cpe:2.3:a:eset:mail_security:8.0.10012.0
-
cpe:2.3:a:eset:nod32_antivirus:10.0.337.1
-
cpe:2.3:a:eset:nod32_antivirus:15.0.18.0
-
cpe:2.3:a:eset:security:*
-
cpe:2.3:a:eset:server_security:*
-
cpe:2.3:a:eset:server_security:8.0.12003.0
-
cpe:2.3:a:eset:server_security:8.0.12003.1
-
cpe:2.3:a:eset:smart_security:10.0.337.1
-
cpe:2.3:a:eset:smart_security:15.0.18.0