Main Vulnerability Database Vulnerabilities #VU50878

Security restrictions bypass in Snow Inventory Agent for Windows - #VU50878

Published: February 23, 2021

Vulnerability identifier: #VU50878

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Snow Inventory Agent for Windows

Software vendor:
Snow Software

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unspecified error, related to usage of the CPUID component for monitoring CPU on client instances. A local user can run a specially crafted program to escalate privileges on the affected system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vendor recommends to disable CPUID support until the issue is resolved.

External links

https://community.snowsoftware.com/s/article/Snow-Inventory-Agent-for-Windows-vulnerability-000015758

Security restrictions bypass in Snow Inventory Agent for Windows - #VU50878

Description

Remediation

External links

Please verify you're human