Vulnerabilities > CVE-2021-27579 - Unspecified vulnerability in Snowsoftware Snow Inventory Agent

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

snowsoftware

NVD

Published: 2021-02-23

Updated: 2022-07-12

Summary

Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.

Vulnerable Configurations

Part	Description	Count
Application	Snowsoftware Snowsoftware Snow Inventory Agent 5.3.1 Snowsoftware Snow Inventory Agent 6.0.0 Snowsoftware Snow Inventory Agent 6.0.2 Snowsoftware Snow Inventory Agent 6.1.0 Snowsoftware Snow Inventory Agent 6.2.0 Snowsoftware Snow Inventory Agent 6.2.1 Snowsoftware Snow Inventory Agent 6.3.0 Snowsoftware Snow Inventory Agent 6.5.0 Snowsoftware Snow Inventory Agent 6.6.0 Snowsoftware Snow Inventory Agent 6.7.0	10

References

https://community.snowsoftware.com/s/feed/0D56900009cfHLDCA2