cbcvebase.
CVE-2021-37852
published 2022-02-09

CVE-2021-37852: ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the…

PriorityP339high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.57%
42.7th percentile
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.

Affected

31 ranges· showing 25
VendorProductVersion rangeFixed in
esetendpoint_antivirus>= 6.6.2046.0 < 7.3.2055.07.3.2055.0
esetendpoint_antivirus>= 8.0 < 8.0.2028.38.0.2028.3
esetendpoint_antivirus>= 8.1 < 8.1.2031.48.1.2031.4
esetendpoint_antivirus>= 9.0 < 9.0.2032.69.0.2032.6
esetendpoint_security>= 6.6.2046.0 < 7.3.2055.07.3.2055.0
esetendpoint_security>= 8.0 < 8.0.2028.38.0.2028.3
esetendpoint_security>= 8.1 < 8.1.2031.48.1.2031.4
esetendpoint_security>= 9.0 < 9.0.2032.69.0.2032.6
eseteset_endpoint_antivirus_for_windows6.6.2046.0 – 9.0.2032.4
eseteset_endpoint_security_for_windows6.6.2046.0 – 9.0.2032.4
eseteset_file_security_for_microsoft_windows_server7.0.12014.0 – 7.3.12006.0
eseteset_internet_security10.0.337.1 – 15.0.18.0
eseteset_mail_security_for_ibm_domino7.0.14008.0 – 8.0.14004.0
eseteset_mail_security_for_microsoft_exchange_server7.0.10019 – 8.0.10016.0
eseteset_nod32_antivirus10.0.337.1 – 15.0.18.0
eseteset_security_for_microsoft_sharepoint_server7.0.15008.0 – 8.0.15004.0
eseteset_server_security_for_microsoft_azure7.0.12016.1002 – 7.2.12004.1000
eseteset_server_security_for_microsoft_windows_server8.0.12003.0 – 8.0.12003.1
eseteset_smart_security10.0.337.1 – 15.0.18.0
esetfile_security7.0.12014.0 – 7.3.12006.0
esetinternet_security>= 10.0.337.1 < 15.0.18.015.0.18.0
esetmail_security>= 7.0.10019 < 7.3.10014.07.3.10014.0
esetmail_security>= 7.0.14008.0 < 7.3.14003.07.3.14003.0
esetmail_security>= 8.0 < 8.0.14006.08.0.14006.0
esetmail_security>= 8.0.10012.0 < 8.0.10018.08.0.10018.0

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.