Vulnerability Details : CVE-2021-37852
ESET products for Windows allow an untrusted process to impersonate the client of a pipe, which can be leveraged by an attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.
Products affected by CVE-2021-37852
- Eset » Nod32 Antivirus » For Windows; Versions from (>=) 10.0.337.1 up to and including (<=) 15.0.18.0; cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:windows:*:*
- Eset » Smart Security » Premium Edition For Windows; Versions from (>=) 10.0.337.1 up to and including (<=) 15.0.18.0; cpe:2.3:a:eset:smart_security:*:*:*:*:premium:windows:*:*
- Eset » Smart Security » For Windows; Versions from (>=) 10.0.337.1 up to and including (<=) 15.0.18.0; cpe:2.3:a:eset:smart_security:*:*:*:*:-:windows:*:*
- cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
- cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
- Eset » Endpoint Security » For Windows; Versions from (>=) 6.6.2046.0 and before (<) 7.3.2055.0; cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
- cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
- Eset » Endpoint Antivirus » For Windows; Versions from (>=) 6.6.2046.0 and before (<) 7.3.2055.0; cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
- cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
- cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
- cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
- Eset » Internet Security » For Windows; Versions from (>=) 10.0.337.1 and before (<) 15.0.18.0; cpe:2.3:a:eset:internet_security:*:*:*:*:*:windows:*:*
- Eset » File Security » For Windows Server; Versions from (>=) 7.0.12014.0 up to and including (<=) 7.3.12006.0; cpe:2.3:a:eset:file_security:*:*:*:*:*:windows_server:*:*
- Eset » Mail Security » For Exchange Server; Versions from (>=) 8.0.10012.0 and before (<) 8.0.10018.0; cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*
- Eset » Mail Security » For Domino; Versions from (>=) 7.0.14008.0 and before (<) 7.3.14003.0; cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*
- cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*
- Eset » Mail Security » For Exchange Server; Versions from (>=) 7.0.10019 and before (<) 7.3.10014.0; cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*
- Eset » Security » For Sharepoint; Versions from (>=) 7.0.15008.0 up to and including (<=) 8.0.15004.0; cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint:*:*
- Eset » Server Security » Azure Edition; Versions from (>=) 7.0.12016.1002 up to and including (<=) 7.2.12004.1000; cpe:2.3:a:eset:server_security:*:*:*:*:azure:*:*:*
- cpe:2.3:a:eset:server_security:8.0.12003.0:*:*:*:*:windows_server:*:*
- cpe:2.3:a:eset:server_security:8.0.12003.1:*:*:*:*:windows_server:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-37852
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~25% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-37852
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | ESET | |
CWE ids for CVE-2021-37852
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-37852
- https://www.zerodayinitiative.com/advisories/ZDI-22-148/
  ZDI-22-148 | Zero Day Initiative (Third Party Advisory; VDB Entry)
- https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows
  [CA8223] Local privilege escalation vulnerability fixed in ESET products for Windows (Vendor Advisory)