CVE-2021-37852

LPE in ESET products for Windows

Description

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.

Remediation

Workaround:

  • The attack surface can also be eliminated by disabling the Enable advanced scanning via AMSI option in ESET products’ Advanced setup. However, ESET strongly recommends performing an upgrade to a fixed product version and only applying this workaround when the upgrade is not possible for an important reason.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.04%
Vendor Advisory eset.com
Affected: ESET ESET NOD32 Antivirus
Affected: ESET ESET Internet Security
Affected: ESET ESET Smart Security
Affected: ESET ESET Endpoint Antivirus for Windows
Affected: ESET ESET Endpoint Security for Windows
Affected: ESET ESET Server Security for Microsoft Windows Server
Affected: ESET ESET File Security for Microsoft Windows Server
Affected: ESET ESET Server Security for Microsoft Azure
Affected: ESET ESET Security for Microsoft SharePoint Server
Affected: ESET ESET Mail Security for IBM Domino
Affected: ESET ESET Mail Security for Microsoft Exchange Server
Published at:
Updated at:

References

Link Tags
https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows vendor advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-148/ vdb entry third party advisory

Frequently Asked Questions

What is the severity of CVE-2021-37852?
CVE-2021-37852 has been scored as a high severity vulnerability.
How to fix CVE-2021-37852?
As a workaround for remediating CVE-2021-37852: The attack surface can also be eliminated by disabling the Enable advanced scanning via AMSI option in ESET products’ Advanced setup. However, ESET strongly recommends performing an upgrade to a fixed product version and only applying this workaround when the upgrade is not possible for an important reason.
Is CVE-2021-37852 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-37852 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-37852?
CVE-2021-37852 affects ESET ESET NOD32 Antivirus, ESET ESET Internet Security, ESET ESET Smart Security, ESET ESET Endpoint Antivirus for Windows, ESET ESET Endpoint Security for Windows, ESET ESET Server Security for Microsoft Windows Server, ESET ESET File Security for Microsoft Windows Server, ESET ESET Server Security for Microsoft Azure, ESET ESET Security for Microsoft SharePoint Server, ESET ESET Mail Security for IBM Domino, ESET ESET Mail Security for Microsoft Exchange Server.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.