CVE-2021-37852

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ESETCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
esetendpoint_antivirus
6.6.2046.0 ≤
𝑥
< 7.3.2055.0
esetendpoint_antivirus
8.0 ≤
𝑥
< 8.0.2028.3
esetendpoint_antivirus
8.1 ≤
𝑥
< 8.1.2031.4
esetendpoint_antivirus
9.0 ≤
𝑥
< 9.0.2032.6
esetendpoint_security
6.6.2046.0 ≤
𝑥
< 7.3.2055.0
esetendpoint_security
8.0 ≤
𝑥
< 8.0.2028.3
esetendpoint_security
8.1 ≤
𝑥
< 8.1.2031.4
esetendpoint_security
9.0 ≤
𝑥
< 9.0.2032.6
esetfile_security
7.0.12014.0 ≤
𝑥
≤ 7.3.12006.0
esetinternet_security
10.0.337.1 ≤
𝑥
< 15.0.18.0
esetmail_security
7.0.10019 ≤
𝑥
< 7.3.10014.0
esetmail_security
7.0.14008.0 ≤
𝑥
< 7.3.14003.0
esetmail_security
8.0 ≤
𝑥
< 8.0.14006.0
esetmail_security
8.0.10012.0 ≤
𝑥
< 8.0.10018.0
esetnod32_antivirus
10.0.337.1 ≤
𝑥
≤ 15.0.18.0
esetsecurity
7.0.15008.0 ≤
𝑥
≤ 8.0.15004.0
esetserver_security
7.0.12016.1002 ≤
𝑥
≤ 7.2.12004.1000
esetserver_security
8.0.12003.0
esetserver_security
8.0.12003.1
esetsmart_security
10.0.337.1 ≤
𝑥
≤ 15.0.18.0
esetsmart_security
10.0.337.1 ≤
𝑥
≤ 15.0.18.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows
https://www.zerodayinitiative.com/advisories/ZDI-22-148/
https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows
https://www.zerodayinitiative.com/advisories/ZDI-22-148/