CVE-2021-35957

MEDIUM

Stormshield Endpoint Security Evolution <2.0.3 - Privilege Escalation

Title source: llm

Description

Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.

References (2)

[Vendor Advisory] https://advisories.stormshield.eu

[Vendor Advisory] https://advisories.stormshield.eu/2021-045/

Scores

CVSS v3 6.7

EPSS 0.0006

EPSS Percentile 17.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

stormshield/endpoint_security < 2.0.2

Timeline

Published Jul 13, 2021

Tracked Since Feb 18, 2026