PT-2021-17519 · Snow · Snow Inventory Agent

Published

2021-02-23

Updated

2022-07-12

CVE-2021-27579

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Snow Inventory Agent versions 6.7.0 and earlier

Description A privilege-escalation issue exists in Snow Inventory Agent on Windows when CPUID is enabled, allowing it to report on processor types and versions deployed across an IT environment. To mitigate this, CPUID should be disabled via configuration settings.

Recommendations For Snow Inventory Agent versions 6.7.0 and earlier, disable CPUID via configuration settings to prevent potential privilege escalation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-27579

Affected Products

Snow Inventory Agent

PT-2021-17519 · Snow · Snow Inventory Agent

CVE-2021-27579

Related Identifiers

Affected Products

References · 5