CVE-2021-35957: Uncontrolled Search Path Element in Endpoint Security

Severity: 6.7 MEDIUM (NVD)
EPSS: 0.1% (top 82.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 13; latest update May 24

Description

Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (1 package)

NVD: stormshield/endpoint_security, 2.0.0 to 2.0.2

Vulnerability Details (2)

GHSA: GHSA-6mwv-m758-qh3g, Stormshield Endpoint Security Evolution 2 (2022-05-24)
CVEList: CVE-2021-35957, Stormshield Endpoint Security Evolution 2 (2021-07-13)