CVE-2021-42808 : Security Advisory and Response
Learn about CVE-2021-42808 affecting Thales Sentinel Protection Installer 7.7.0 on Windows. Find mitigation steps and security practices to prevent privilege escalation.
The Sentinel Protection Installer 7.7.0 vulnerability allows local users to escalate privileges.
Understanding CVE-2021-42808
What is CVE-2021-42808?
Thales Sentinel Protection Installer 7.7.0 creates files with full user permissions, enabling privilege escalation.
The Impact of CVE-2021-42808
The vulnerability has a Medium severity score with high impact on confidentiality, integrity, and availability.
Technical Details of CVE-2021-42808
Vulnerability Description
Improper Access Control in the Thales Sentinel Protection Installer allows local users to elevate privileges.
Affected Systems and Versions
- Platform: Windows
- Product: Sentinel Protection Installer
- Vendor: Thales
- Affected Version: 7.7.0
Exploitation Mechanism
The vulnerability exploits improper access control within the Sentinel Protection Installer, granting unauthorized privileges.
Mitigation and Prevention
Immediate Steps to Take
- Update Sentinel Protection Installer to version 7.7.1 or newer.
Long-Term Security Practices
- Regularly review and adjust user permissions to limit access.
- Implement the principle of least privilege to reduce the impact of potential vulnerabilities.
Patching and Updates
Apply security patches promptly to protect systems from known vulnerabilities.