Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-37852
HistoryFeb 09, 2022 - 6:15 a.m.

CVE-2021-37852

2022-02-0906:15:06
CWE-269
[email protected]
web.nvd.nist.gov
4
eset product
privilege escalation
client pipe
windows
nt authority\system

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.9%

JSON

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.

Affected configurations

Nvd
Node
esetendpoint_antivirusRange6.6.2046.07.3.2055.0windows
OR
esetendpoint_antivirusRange8.08.0.2028.3windows
OR
esetendpoint_antivirusRange8.18.1.2031.4windows
OR
esetendpoint_antivirusRange9.09.0.2032.6windows
OR
esetendpoint_securityRange6.6.2046.07.3.2055.0windows
OR
esetendpoint_securityRange8.08.0.2028.3windows
OR
esetendpoint_securityRange8.18.1.2031.4windows
OR
esetendpoint_securityRange9.09.0.2032.6windows
OR
esetfile_securityRange7.0.12014.07.3.12006.0windows_server
OR
esetinternet_securityRange10.0.337.115.0.18.0windows
OR
esetmail_securityRange7.0.100197.3.10014.0exchange_server
OR
esetmail_securityRange7.0.14008.07.3.14003.0domino
OR
esetmail_securityRange8.08.0.14006.0domino
OR
esetmail_securityRange8.0.10012.08.0.10018.0exchange_server
OR
esetnod32_antivirusRange10.0.337.115.0.18.0windows
OR
esetsecurityRange7.0.15008.08.0.15004.0sharepoint
OR
esetserver_securityRange7.0.12016.10027.2.12004.1000azure
OR
esetserver_securityMatch8.0.12003.0windows_server
OR
esetserver_securityMatch8.0.12003.1windows_server
OR
esetsmart_securityRange10.0.337.115.0.18.0-windows
OR
esetsmart_securityRange10.0.337.115.0.18.0premiumwindows
VendorProductVersionCPE
esetendpoint_antivirus*cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
esetendpoint_security*cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
esetfile_security*cpe:2.3:a:eset:file_security:*:*:*:*:*:windows_server:*:*
esetinternet_security*cpe:2.3:a:eset:internet_security:*:*:*:*:*:windows:*:*
esetmail_security*cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*
esetmail_security*cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*
esetnod32_antivirus*cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:windows:*:*
esetsecurity*cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint:*:*
esetserver_security*cpe:2.3:a:eset:server_security:*:*:*:*:azure:*:*:*
esetserver_security8.0.12003.0cpe:2.3:a:eset:server_security:8.0.12003.0:*:*:*:*:windows_server:*:*
Rows per page:
1-10 of 131

Related

prion 1
cvelist 1
zdi 1
cve 1
prion
prion
Code injection
2022-02-09 06:15:00
cvelist
cvelist
CVE-2021-37852 LPE in ESET products for Windows
2022-02-09 05:14:13
zdi
zdi
ESET Endpoint Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability
2022-01-31 00:00:00
cve
cve
CVE-2021-37852
2022-02-09 06:15:06

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.9%

JSON
Related for NVD:CVE-2021-37852
prion1cvelist1zdi1cve1