Vulnerability Name:

CVE-2021-37852 (CCN-218592)

Assigned:2021-08-02
Published:2022-01-31
Updated:2022-07-12
Summary:ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-269
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2021-37852

Source: XF
Type: UNKNOWN
eset-cve202137852-priv-esc(218592)

Source: CCN
Type: ESET CA8223
Local privilege escalation vulnerability fixed in ESET products for Windows

Source: MISC
Type: Vendor Advisory
https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows

Source: CCN
Type: ZDI-22-148
ESET Endpoint Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability

Source: MISC
Type: Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-148/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:eset:mail_security:*:*:*:*:*:domino:*:* (Version >= 8.0 and < 8.0.14006.0)
  • OR cpe:/a:eset:mail_security:*:*:*:*:*:domino:*:* (Version >= 7.0.14008.0 and < 7.3.14003.0)
  • OR cpe:/a:eset:mail_security:*:*:*:*:*:exchange_server:*:* (Version >= 8.0.10012.0 and < 8.0.10018.0)
  • OR cpe:/a:eset:mail_security:*:*:*:*:*:exchange_server:*:* (Version >= 7.0.10019 and < 7.3.10014.0)
  • OR cpe:/a:eset:internet_security:*:*:*:*:*:windows:*:* (Version >= 10.0.337.1 and < 15.0.18.0)
  • OR cpe:/a:eset:endpoint_security:*:*:*:*:*:windows:*:* (Version >= 9.0 and < 9.0.2032.6)
  • OR cpe:/a:eset:endpoint_security:*:*:*:*:*:windows:*:* (Version >= 8.1 and < 8.1.2031.4)
  • OR cpe:/a:eset:endpoint_security:*:*:*:*:*:windows:*:* (Version >= 8.0 and < 8.0.2028.3)
  • OR cpe:/a:eset:endpoint_security:*:*:*:*:*:windows:*:* (Version >= 6.6.2046.0 and < 7.3.2055.0)
  • OR cpe:/a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:* (Version >= 6.6.2046.0 and < 7.3.2055.0)
  • OR cpe:/a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:* (Version >= 8.0 and < 8.0.2028.3)
  • OR cpe:/a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:* (Version >= 8.1 and < 8.1.2031.4)
  • OR cpe:/a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:* (Version >= 9.0 and < 9.0.2032.6)
  • OR cpe:/a:eset:file_security:*:*:*:*:*:windows_server:*:* (Version >= 7.0.12014.0 and <= 7.3.12006.0)
  • OR cpe:/a:eset:nod32_antivirus:*:*:*:*:*:windows:*:* (Version >= 10.0.337.1 and <= 15.0.18.0)
  • OR cpe:/a:eset:security:*:*:*:*:*:sharepoint:*:* (Version >= 7.0.15008.0 and <= 8.0.15004.0)
  • OR cpe:/a:eset:server_security:*:*:*:*:azure:*:*:* (Version >= 7.0.12016.1002 and <= 7.2.12004.1000)
  • OR cpe:/a:eset:server_security:8.0.12003.0:*:*:*:*:windows_server:*:*
  • OR cpe:/a:eset:server_security:8.0.12003.1:*:*:*:*:windows_server:*:*
  • OR cpe:/a:eset:smart_security:*:*:*:*:-:windows:*:* (Version >= 10.0.337.1 and <= 15.0.18.0)
  • OR cpe:/a:eset:smart_security:*:*:*:*:premium:windows:*:* (Version >= 10.0.337.1 and <= 15.0.18.0)

    • * Denotes that component is vulnerable
    BACK
    eset mail security *
    eset mail security *
    eset mail security *
    eset mail security *
    eset internet security *
    eset endpoint security *
    eset endpoint security *
    eset endpoint security *
    eset endpoint security *
    eset endpoint antivirus *
    eset endpoint antivirus *
    eset endpoint antivirus *
    eset endpoint antivirus *
    eset file security *
    eset nod32 antivirus *
    eset security *
    eset server security *
    eset server security 8.0.12003.0
    eset server security 8.0.12003.1
    eset smart security *
    eset smart security *