CVE-2021-37852

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 09-02-2022 07:15

Last modified: - 11-02-2022 08:35

Total changes: - 2

Description

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

7.8

Base score

1.8

5.9

Exploitability score

Impact score

Verification logic

vendor=eset AND product=endpoint_antivirus AND target_software=windows AND versionStartIncluding=6.6.2046.0 AND versionEndExcluding=7.3.2055.0

vendor=eset AND product=endpoint_antivirus AND target_software=windows AND versionStartIncluding=8.0 AND versionEndExcluding=8.0.2028.3

vendor=eset AND product=endpoint_antivirus AND target_software=windows AND versionStartIncluding=8.1 AND versionEndExcluding=8.1.2031.4

vendor=eset AND product=endpoint_antivirus AND target_software=windows AND versionStartIncluding=9.0 AND versionEndExcluding=9.0.2032.6

vendor=eset AND product=endpoint_security AND target_software=windows AND versionStartIncluding=6.6.2046.0 AND versionEndExcluding=7.3.2055.0

vendor=eset AND product=endpoint_security AND target_software=windows AND versionStartIncluding=8.0 AND versionEndExcluding=8.0.2028.3

vendor=eset AND product=endpoint_security AND target_software=windows AND versionStartIncluding=8.1 AND versionEndExcluding=8.1.2031.4

vendor=eset AND product=endpoint_security AND target_software=windows AND versionStartIncluding=9.0 AND versionEndExcluding=9.0.2032.6

vendor=eset AND product=file_security AND target_software=windows_server AND versionEndIncluding=7.3.12006.0 AND versionStartIncluding=7.0.12014.0

vendor=eset AND product=internet_security AND target_software=windows AND versionStartIncluding=10.0.337.1 AND versionEndExcluding=15.0.18.0

vendor=eset AND product=mail_security AND target_software=exchange_server AND versionStartIncluding=7.0.10019 AND versionEndExcluding=7.3.10014.0

vendor=eset AND product=mail_security AND target_software=domino AND versionStartIncluding=7.0.14008.0 AND versionEndExcluding=7.3.14003.0

vendor=eset AND product=mail_security AND target_software=domino AND versionStartIncluding=8.0 AND versionEndExcluding=8.0.14006.0

vendor=eset AND product=mail_security AND target_software=exchange_server AND versionStartIncluding=8.0.10012.0 AND versionEndExcluding=8.0.10018.0

vendor=eset AND product=nod32_antivirus AND target_software=windows AND versionEndIncluding=15.0.18.0 AND versionStartIncluding=10.0.337.1

vendor=eset AND product=security AND target_software=sharepoint AND versionEndIncluding=8.0.15004.0 AND versionStartIncluding=7.0.15008.0

vendor=eset AND product=server_security AND software_edition=azure AND versionEndIncluding=7.2.12004.1000 AND versionStartIncluding=7.0.12016.1002

vendor=eset AND product=server_security AND version=8.0.12003.0 AND target_software=windows_server

vendor=eset AND product=server_security AND version=8.0.12003.1 AND target_software=windows_server

vendor=eset AND product=smart_security AND software_edition=- AND target_software=windows AND versionEndIncluding=15.0.18.0 AND versionStartIncluding=10.0.337.1

vendor=eset AND product=smart_security AND software_edition=premium AND target_software=windows AND versionEndIncluding=15.0.18.0 AND versionStartIncluding=10.0.337.1

Reference

Keywords

CVE-2021-37852

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-37852

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures