Vulnerability CVE-2021-35957


Published: 2021-07-13

Description:
Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.

Type:

CWE-427

(Uncontrolled Search Path Element)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Stormshield -> Endpoint security 

 References:
https://advisories.stormshield.eu
https://advisories.stormshield.eu/2021-045/

Copyright 2024, cxsecurity.com

 

Back to Top