CVE-2021-4481
Published: 02 June 2026
Summary
CVE-2021-4481 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Draeger (inferred from references). Its CVSS base score is 8.3 (High).
Operationally, ranked at the 1.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-34847
Vulnerability details
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host…
more
system to execute code with NT SYSTEM privileges.
- CWE(s)
Related Threats
CVEs Like This One
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Procedures support proper permission assignment for critical resources through documented controls.
Attribute management for resources provides a mechanism to assign and maintain correct permissions based on security labels.
Prevents overly permissive assignments to critical resources by limiting to task needs.
Training policy covers correct permission assignment, reducing the ability to exploit incorrect permission assignments for critical resources.
Training on permission management reduces incorrect permission assignments for critical resources.
Audit logs and logging tools are critical resources whose protection requires correct permission assignments to block unauthorized actions.
Assessments review permission assignments on critical resources to confirm correctness, mitigating exploitation via incorrect permissions.
Certification includes checking that permissions on critical resources are correctly assigned.