CVE-2021-37852
HIGHESET Endpoint Antivirus 6.6.2046.0-7.3.2055.0 - Privilege Escalation via Pipe Impersonation
Title source: llmDescription
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-22-148/
Scores
CVSS v3
7.8
EPSS
0.0057
EPSS Percentile
42.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (12)
eset/endpoint_antivirus
6.6.2046.0 - 7.3.2055.0
eset/endpoint_security
6.6.2046.0 - 7.3.2055.0
eset/file_security
7.0.12014.0 - 7.3.12006.0
eset/internet_security
10.0.337.1 - 15.0.18.0
eset/mail_security
7.0.10019 - 7.3.10014.0
eset/mail_security
7.0.14008.0 - 7.3.14003.0
eset/nod32_antivirus
10.0.337.1 - 15.0.18.0
eset/security
7.0.15008.0 - 8.0.15004.0
eset/server_security
8.0.12003.0
eset/server_security
8.0.12003.1
... and 2 more
Published
Feb 09, 2022
Tracked Since
Feb 18, 2026