Description
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execute code with NT SYSTEM privileges.
Published: 2026-06-02
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from insecure file system permissions within Dräger Protector Software prior to version 6.4.2. Local attackers can replace or modify binaries and loaded modules on the host system, enabling execution of arbitrary code with NT SYSTEM privileges. This escalates local privileges to full system control, allowing attackers to compromise confidentiality, integrity, and availability of the protected environment.

Affected Systems

Dräger Protector Software from Dräger, with versions up to but excluding 6.4.2, is affected. Systems running any version prior to 6.4.2 are vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.3, indicating high severity. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, but the lack of exploitation data does not diminish the risk to systems that are locally accessible. Attackers need local access and the ability to interact with the protected software; once present, they can replace files controlled by the software, resulting in immediate privilege escalation.

Generated by OpenCVE AI on June 3, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dräger Protector Software to version 6.4.2 or newer.
  • Audit and correct file system permissions on binaries and modules to restrict access to SYSTEM only.
  • Monitor the system for unauthorized file modifications and enforce file integrity checks.


Advisories

No advisories yet.

History

Wed, 03 Jun 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Jun 2026 12:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Draeger; Draeger protector Software
Vendors & Products | | Draeger; Draeger protector Software

Wed, 03 Jun 2026 02:30:00 +0000

Type | Values Removed | Values Added
Description | | Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execute code with NT SYSTEM privileges.
Title | | Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
Weaknesses | | CWE-732
References | |
Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H'}
Metrics | | cvssV4_0: {'score': 8.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-03T14:07:52.540Z

Reserved: 2026-06-02T19:35:05.384Z

Link: CVE-2021-4480

Vulnrichment

Updated: 2026-06-03T13:43:11.527Z

NVD

Status: Received

Published: 2026-06-02T22:16:14.450

Modified: 2026-06-02T22:16:14.450

Link: CVE-2021-4480

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T10:54:36Z

Weaknesses