CVE-2021-4480— Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
Possible ATT&CK Techniques 1AI
T1068 · Exploitation for Privilege EscalationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-4480
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
Source: NVD (National Vulnerability Database)
Vulnerability Description
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execute code with NT SYSTEM privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键资源的不正确权限授予
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Dräger | Protector Software | 0 ~ 6.4.2 | - |
II. Public POCs for CVE-2021-4480
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-4480
请登录查看更多情报信息。
Vendor Advisories for CVE-2021-4480 (1)
Same Patch Batch · Dräger · 2026-06-02 · 13 CVEs total
| CVE-2019-25719 | 8.6 HIGH | Dräger Infinity M540 VG4.1.1 Spoofing and DoS via Network Message Handling |
| CVE-2022-4992 | 8.6 HIGH | Dräger Infinity M540 VG4.1.1 Spoofed Network Message Handling DoS/Tampering |
| CVE-2021-4478 | 8.2 HIGH | Dräger CC-Vision Basic and CC-Vision E-Cal Out-of-Bounds Write via Malicious GDT File |
| CVE-2021-4481 | 8.2 HIGH | Dräger Protector Software Local Privilege Escalation via Insecure File Permissions |
| CVE-2019-25722 | 7.6 HIGH | Dräger SC Monitoring Devices Hard-coded Credentials and DoS |
| CVE-2024-14036 | 7.5 HIGH | Dräger Core 1.0.5 Denial of Service via Malformed SDC Message |
| CVE-2025-15653 | 6.8 MEDIUM | Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation |
| CVE-2019-25724 | 6.5 MEDIUM | Dräger Infinity M300 VG2.x Network-Based Denial of Service |
| CVE-2019-25721 | 6.5 MEDIUM | Dräger Infinity M300 VG2.3.1 Network-Based Denial of Service |
| CVE-2019-25717 | 4.3 MEDIUM | Dräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure |
| CVE-2019-25723 | 4.0 MEDIUM | Dräger Perseus A500 2.00-2.02 DoS via Medibus Interface |
| CVE-2021-4479 | 4.0 MEDIUM | Dräger Atlan A350 1.00-1.01 DoS via Medibus Interface |
IV. Related Vulnerabilities
Same vendor: Dräger
- CVE-2021-4481
Dräger Protector Software Local Privilege Escalation via Ins - CVE-2025-15653
Dräger Zeus IE Anesthesia Workstation USB Interface Privileg - CVE-2024-14036
Dräger Core 1.0.5 Denial of Service via Malformed SDC Messag - CVE-2022-4992
Dräger Infinity M540 VG4.1.1 Spoofed Network Message Handlin - CVE-2021-4479
Dräger Atlan A350 1.00-1.01 DoS via Medibus Interface
Same weakness: CWE-732
- CVE-2021-4481
Dräger Protector Software Local Privilege Escalation via Ins - CVE-2026-10591
Kiro IDE Insufficient File Write Restrictions to Execution-S - CVE-2026-27788
ServerView Agents Windows V11.60.04及以前版本权限配置错误漏洞 - CVE-2026-9508
Incorrect Permission Assignment for Critical Resource vulner - CVE-2026-7480
ASUS System Control Interface 安全漏洞
V. Comments for CVE-2021-4480
No comments yet