HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2021-27579

CVSS 7.8v3.1pub. 2021-02-23upd. 2024-11-21

Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Snowsoftware Snow Inventory Agent

    APP
    Snowsoftware
    5.3.1 – 6.7.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-1149HIGH7.8ten sam produkt

Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow...

CVE-2024-1150HIGH7.8ten sam produkt

Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows...

CVE-2023-7169MEDIUM6.0ten sam produkt

Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signat...

CVE-2021-41562MEDIUM6.1ten sam produkt

A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. T...

CVE-2023-3864HIGH7.2ten sam vendor

Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and includi...

CVE-2021-27579 β€” Snowsoftware β€” Snow Inventory Agent β€” HIGH β€” CVSS 7.8 | CVEbaza.pl