Lucene search

[email protected]NVD:CVE-2021-27579

HistoryFeb 23, 2021 - 6:15 p.m.

CVE-2021-27579

2021-02-2318:15:14

[email protected]

web.nvd.nist.gov

snow inventory agent

privilege escalation

cpuid

windows

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.

Affected configurations

Nvd

Node

snowsoftwaresnow_inventory_agentRange5.3.1–6.7.0windows

VendorProductVersionCPE
snowsoftwaresnow_inventory_agent*cpe:2.3:a:snowsoftware:snow_inventory_agent:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
snowsoftware	snow_inventory_agent	*	cpe:2.3:a:snowsoftware:snow_inventory_agent::::::windows::*

References

community.snowsoftware.com/s/feed/0D56900009cfHLDCA2

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2021-27579

prion1 cve1 cvelist1