Privilege Escalation Vulnerability in Snow Inventory Agent through 6.7.0 on Windows

Privilege Escalation Vulnerability in Snow Inventory Agent through 6.7.0 on Windows

CVE-2021-27579 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.

Learn more about our Web Application Penetration Testing UK.