CVE-2021-26624

Published: Apr 1, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values.

Affected (1)

Products: Escanav: Escan Anti Virus

1 product

Escan Anti Virus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Escanav Escan Anti Virus	Before 7.0.31

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66596

Source: vuln@krcert.or.kr

Third Party Advisory

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66596

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.