Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
Summary
| CVE | CVE-2021-4481 |
|---|---|
| State | PUBLISHED |
| Assigner | VulnCheck |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-02 22:16:15 UTC |
| Updated | 2026-06-03 23:16:16 UTC |
| Description | Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execute code with NT SYSTEM privileges. |
Risk And Classification
Primary CVSS: v4.0 8.3 HIGH from [email protected]
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.000150000 probability, percentile 0.034270000 (date 2026-06-03)
Problem Types: CWE-732 | CWE-732 CWE-732 Incorrect Permission Assignment for Critical Resource
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 8.3 | HIGH | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/C... |
| 4.0 | CNA | CVSS | 8.3 | HIGH | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H |
| 3.1 | [email protected] | Secondary | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H |
| 3.1 | CNA | CVSS | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H |
CVSS v4.0 Breakdown
Attack Vector
LocalAttack Complexity
LowAttack Requirements
NonePrivileges Required
NoneUser Interaction
ActiveConfidentiality
NoneIntegrity
HighAvailability
HighSub Conf.
NoneSub Integrity
HighSub Availability
HighCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
ChangedConfidentiality
NoneIntegrity
HighAvailability
HighCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Drger | Protector Software | affected 6.4.2 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.vulncheck.com/advisories/dr-ger-protector-software-local-privilege-escalati... | [email protected] | www.vulncheck.com | |
| static.draeger.com/security/download/2021-267-01-Draeger-Protector-Software-vuln... | [email protected] | static.draeger.com | |
| static.draeger.com/security | MITRE | static.draeger.com | |
| static.draeger.com/security/download/PSA-21-347-1-SCG-Security-Advisory.pdf | MITRE | static.draeger.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Mario Ceballos (en)
There are currently no legacy QID mappings associated with this CVE.