CVE-2021-35957

MEDIUM

Stormshield Endpoint Security Evolution <2.0.3 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://advisories.stormshield.eu
Vendor Advisory x_refsource_misc
https://advisories.stormshield.eu/2021-045/

Scores

CVSS v3 6.7
EPSS 0.0025
EPSS Percentile 16.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-427
Status published
Products (1)
stormshield/endpoint_security 2.0.0 - 2.0.2
Published Jul 13, 2021
Tracked Since Feb 18, 2026