CVE-2021-37852
Published: Feb 9, 2022
Modified: Sep 16, 2024
CVSS v3.1
7.8
Description
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.
| Vendor | Product | Versions |
|---|---|---|
ESET | ESET NOD32 Antivirus | affected 10.0.337.1 - <= 15.0.18.0 |
ESET | ESET Internet Security | affected 10.0.337.1 - <= 15.0.18.0 |
ESET | ESET Smart Security | affected 10.0.337.1 - <= 15.0.18.0 |
ESET | ESET Endpoint Antivirus for Windows | affected 6.6.2046.0 - <= 9.0.2032.4 |
ESET | ESET Endpoint Security for Windows | affected 6.6.2046.0 - <= 9.0.2032.4 |
ESET | ESET Server Security for Microsoft Windows Server | affected 8.0.12003.0 - <= 8.0.12003.1 |
ESET | ESET File Security for Microsoft Windows Server | affected 7.0.12014.0 - <= 7.3.12006.0 |
ESET | ESET Server Security for Microsoft Azure | affected 7.0.12016.1002 - <= 7.2.12004.1000 |
ESET | ESET Security for Microsoft SharePoint Server | affected 7.0.15008.0 - <= 8.0.15004.0 |
ESET | ESET Mail Security for IBM Domino | affected 7.0.14008.0 - <= 8.0.14004.0 |
ESET | ESET Mail Security for Microsoft Exchange Server | affected 7.0.10019 - <= 8.0.10016.0 |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now