Description
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execute code with NT SYSTEM privileges.
Published: 2026-06-02
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Dräger Protector Software stems from insecure file system permissions that allow a local attacker to replace binaries or loaded modules. By doing so, the attacker can execute arbitrary code with NT SYSTEM privileges. This flaw results in local privilege escalation, permitting full control over the affected host.

Affected Systems

Dräger Protector Software versions earlier than 6.4.2 are affected. The vulnerability targets the file permissions used by the application and its supporting modules on hosts running the software.

Risk and Exploitability

The CVSS score of 8.3 indicates a high severity flaw. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is local; an attacker with access to the host filesystem can modify protected files to achieve system-level execution. Because the exploit requires no remote interaction, the probability of exploitation depends on internal threat presence, but the damage potential is substantial.

Generated by OpenCVE AI on June 3, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dräger Protector Software to version 6.4.2 or newer.
  • Verify that system files and directories used by Protector Software have restrictive permissions, allowing modification only by administrators.
  • Implement file integrity monitoring to detect unauthorized changes to critical binaries or modules.

Generated by OpenCVE AI on June 3, 2026 at 03:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Draeger
Draeger protector Software
Vendors & Products Draeger
Draeger protector Software

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execute code with NT SYSTEM privileges.
Title Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
Weaknesses CWE-732
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H'}

cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H'}

Subscriptions

Draeger Protector Software
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T21:32:25.819Z

Reserved: 2026-06-02T19:44:22.579Z

Link: CVE-2021-4481

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-02T22:16:15.503

Modified: 2026-06-02T22:16:15.503

Link: CVE-2021-4481

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T10:54:34Z

Weaknesses