eScan Anti-Virus Local privilege escalation Vulnerability
CVE-2021-26624

7.8HIGH

Key Information:

Vendor: Microworld Technologies Inc.
Status: Escan Anti-virus For Linux
Vendor: CVE Published:; 1 April 2022

🔔 Create Microworld Technologies Inc. Vulnerability Alert

What is CVE-2021-26624?

An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values.

Affected Version(s)

eScan Anti-Virus for Linux Linux <= 7.0.31

References

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2022
Vulnerability Reserved
Feb 3, 2021