CVE-2020-21046: A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com...
A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privilege and conduct code execution as a SYSTEM privilege.
Security readout for executives and security teams
Plain-English summary
CVE-2020-21046 is a Windows local privilege escalation issue in EagleGet Downloader 2.1.5.20 Stable. A normal authenticated user may be able to run code with SYSTEM privileges through the named updater service. This matters most on shared workstations, kiosks, developer machines, or any endpoint where non-admin users can log in.
Executive priority
Prioritize remediation on shared or user-accessible Windows endpoints. The issue can turn a low-privileged foothold into SYSTEM control, but available evidence does not show active exploitation or remote attack exposure.
Technical view
The CVE describes local privilege escalation in the `luminati_net_updater_win_eagleget_com` service installed by EagleGet Downloader 2.1.5.20 Stable. The reported impact is code execution as SYSTEM by an authenticated non-administrative user. The source bundle does not provide CVSS, CWE, CPE, patch status, or detailed root-cause mechanics.
Likely exposure
Exposure appears limited to Windows systems with EagleGet Downloader 2.1.5.20 Stable and its updater service installed, especially where untrusted or lower-privileged users have local access.
Exploitation context
The bundle cites a public write-up, but CISA KEV status is false and no cited source in the bundle confirms active exploitation. This is post-authentication local escalation, not a remote unauthenticated entry point.
Researcher notes
Evidence is sparse. The CVE record names the affected version and service but omits CVSS, CWE, CPE, fixed release, and technical root cause. Avoid assuming broader EagleGet versions are affected without vendor or researcher confirmation.
Mitigation direction
Inventory endpoints for EagleGet Downloader 2.1.5.20 Stable.
Remove EagleGet where there is no business requirement.
Check vendor guidance for fixed versions or supported remediation.
Restrict local interactive access on affected shared systems.
Monitor affected hosts for unexpected SYSTEM process activity.
Validation and detection
Confirm whether EagleGet Downloader 2.1.5.20 Stable is installed.
Check for the `luminati_net_updater_win_eagleget_com` service.
Verify non-admin users cannot modify related service files or configuration.
Review endpoint logs for unusual activity tied to the updater service.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
description · low confidence lookup
Execution behavior lookup
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
The CVE wording references privilege impact, so privilege escalation and authorization behavior review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
3Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Jun 24, 2022, 15:11 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.