Artem Domarev

**Name of the Vulnerable Software and Affected Versions** NitroSense versions 3.x through 3.01.3051 **Description** The software contains a Local Privilege Escalation (LPE) issue where a Windows Named Pipe, which uses a custom protocol to invoke internal functions, is misconfigured. This allows any authenticated local user to execute arbitrary code and delete arbitrary files with NT AUTHORITYSYSTEM privileges, leading to full system compromise with elevated privileges. **Recommendations** Update to version 3.01.3052.

**Name of the Vulnerable Software and Affected Versions** PredatorSense versions 3.00.3136 through 3.00.3196 **Description** A misconfigured Windows Named Pipe uses a custom protocol to invoke internal functions. This allows any authenticated local user to execute arbitrary code and delete arbitrary files with NT AUTHORITYSYSTEM privileges, leading to local privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.