Wednesday, October 6, 2021

G Data EndpointProtection Enterprise 17.08.2021 Privilege Escalation

DATA Anti-Virus: Abusing OpenSSL to get local admin

Release Date: 05-Oct-2021
Author: Florian Bogner @
Affected product: G Data’s Security Client “EndpointProtection Enterprise”
Fixed in: all versions after 17.08.2021
Tested on: Windows 10 x64 fully patched
Vulnerability Status: Fixed with new release

Product Description
The most sensitive areas of your systems are your employees’ workstations. Where attachments are opened, passwords are entered, and sensitive data is processed. The servers that make connections across the entire network. And smartphones that come and go with your employees every day. This is precisely where our endpoint security solutions protect your company assets. []

Vulnerability Description
The underlying problem was, that the GdAgentSrv (which is running as SYSTEM) tried to load its OpenSSL configuration from the non-existing path C:\Jenkins\vcpkg-master\packages\openssl-windows_x86-141-static\openssl.cnf (newer versions load from C:\Jenkins\vcpkg-master\packages\openssl-windows_x86-static\openssl.cnf). This can be abused by any local user to load arbitrary libraries (DLLs) and execute untrusted code in the affected process. This leads to a privilege escalation from non-admin user to SYSTEM.

For more information please visit:

Suggested Solution
Users should update to the latest available version.

Disclosure Timeline
10.10.2019: The issue has been identified, documented and reported (ticket number CAS-730826-F7K4R9). No reply received.
11.2020: The issue was communicated again to G Data’s Sales Team in Austria. After initial communication no further feedback.
06.2021: The issues was abused during a security check to overtake another client’s infrastructure.
14.06.2021: G DATA confirms the vulnerability. Public disclosure is planed for 15th September 2021
17.08.2021: Fixed version is released to the public
05.10.2021: Public disclosure


Florian Bogner
Information Security Expert, Speaker

Bee IT Security Consulting GmbH
Nibelungenstra├če 37
3123 A-Schweinern

Tel: +43 660 123 9 454
Mail: [email protected]


Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore