Privilege Escalation through TOCTOU Race Condition in ENSL TP/FW Installation Process

Privilege Escalation through TOCTOU Race Condition in ENSL TP/FW Installation Process

CVE-2021-23892 · HIGH Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.