Primary

Context

Acer NitroSense Local Privilege Escalation Vulnerability

Vulnerability

A local privilege escalation vulnerability exists in Acer NitroSense software versions prior to 3.01.3052. The issue arises from the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This configuration allows any authenticated local user to connect and send commands. The vulnerability is exploited because the service fails to verify the caller's privileges before executing file deletion commands, enabling a low-privileged local user to delete arbitrary files with system authority.

Impact

Exploitation of this vulnerability allows low-privileged local users to delete arbitrary files with system privileges.

Remediation

Users can update to Acer NitroSense version 3.01.3052 or later to address this vulnerability.

Added: May 28, 2026, 6:06 AM

Updated: May 28, 2026, 6:06 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Acer NitroSense Local Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Acer NitroSense

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating