CVE-2021-37852

Summary

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.

Affected Software

VendorProductVersion RangeStatus
ESETESET NOD32 Antivirus10.0.337.1 <= 15.0.18.0affected
ESETESET Internet Security10.0.337.1 <= 15.0.18.0affected
ESETESET Smart Security10.0.337.1 <= 15.0.18.0affected
ESETESET Endpoint Antivirus for Windows6.6.2046.0 <= 9.0.2032.4affected
ESETESET Endpoint Security for Windows6.6.2046.0 <= 9.0.2032.4affected
ESETESET Server Security for Microsoft Windows Server8.0.12003.0 <= 8.0.12003.1affected
ESETESET File Security for Microsoft Windows Server7.0.12014.0 <= 7.3.12006.0affected
ESETESET Server Security for Microsoft Azure7.0.12016.1002 <= 7.2.12004.1000affected
ESETESET Security for Microsoft SharePoint Server7.0.15008.0 <= 8.0.15004.0affected
ESETESET Mail Security for IBM Domino7.0.14008.0 <= 8.0.14004.0affected
ESETESET Mail Security for Microsoft Exchange Server7.0.10019 <= 8.0.10016.0affected

Weaknesses

  • Privilege Escalation

Workarounds

The attack surface can also be eliminated by disabling the Enable advanced scanning via AMSI option in ESET products’ Advanced setup.

However, ESET strongly recommends performing an upgrade to a fixed product version and only applying this workaround when the upgrade is not possible for an important reason.

ADP Enrichment

CVE Program Container

Additional References

References