CVE-2021-4480 | THREATINT

Description

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execute code with NT SYSTEM privileges.

PUBLISHED Reserved 2026-06-02 | Published 2026-06-02 | Updated 2026-06-02 | Assigner VulnCheck

HIGH: 8.3CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

HIGH: 8.2CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status

unaffected

Any version before 6.4.2

affected

Credits

Mario Ceballos finder

References

static.draeger.com/security vendor-advisory

www.vulncheck.com/...scalation-via-insecure-file-permissions third-party-advisory

cve.org (CVE-2021-4480)

nvd.nist.gov (CVE-2021-4480)

Download JSON