CVE-2021-37852
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ESET | ESET NOD32 Antivirus | 10.0.337.1 <= 15.0.18.0 | affected |
| ESET | ESET Internet Security | 10.0.337.1 <= 15.0.18.0 | affected |
| ESET | ESET Smart Security | 10.0.337.1 <= 15.0.18.0 | affected |
| ESET | ESET Endpoint Antivirus for Windows | 6.6.2046.0 <= 9.0.2032.4 | affected |
| ESET | ESET Endpoint Security for Windows | 6.6.2046.0 <= 9.0.2032.4 | affected |
| ESET | ESET Server Security for Microsoft Windows Server | 8.0.12003.0 <= 8.0.12003.1 | affected |
| ESET | ESET File Security for Microsoft Windows Server | 7.0.12014.0 <= 7.3.12006.0 | affected |
| ESET | ESET Server Security for Microsoft Azure | 7.0.12016.1002 <= 7.2.12004.1000 | affected |
| ESET | ESET Security for Microsoft SharePoint Server | 7.0.15008.0 <= 8.0.15004.0 | affected |
| ESET | ESET Mail Security for IBM Domino | 7.0.14008.0 <= 8.0.14004.0 | affected |
| ESET | ESET Mail Security for Microsoft Exchange Server | 7.0.10019 <= 8.0.10016.0 | affected |
Weaknesses
- Privilege Escalation
Workarounds
The attack surface can also be eliminated by disabling the Enable advanced scanning via AMSI option in ESET products’ Advanced setup.
However, ESET strongly recommends performing an upgrade to a fixed product version and only applying this workaround when the upgrade is not possible for an important reason.
ADP Enrichment
CVE Program Container
Additional References
- https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows
- https://www.zerodayinitiative.com/advisories/ZDI-22-148/
References
- https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows
- https://www.zerodayinitiative.com/advisories/ZDI-22-148/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.