CVE-2021-37851 — Improper Handling of Insufficient Permissions or Privileges in Spol S R.O Eset Endpoint Antivirus

CWE-280 — Improper Handling of Insufficient Permissions or Privileges CWE-755 — Improper Handling of Exceptional Conditions3 documents3 sources

Severity

7.8HIGHNVD

CNA7.3

EPSS

0.0%

top 90.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eset Spol S R.O Eset Endpoint Antivirus Eset Spol S R.O Eset Endpoint Security Eset Spol S R.O Eset Internet Security +16 more

Timeline

PublishedMay 11

Latest updateMay 12

Description

Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior t…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages19 packages

▶CVEListV5eset_spol_s_r.o/eset_file_security_for_microsoft_windows_server6.0 8.0.12013.0

▶CVEListV5eset_spol_s_r.o/eset_mail_security_for_microsoft_exchange_server6.0 — 8.0.10020.0

▶CVEListV5eset_spol_s_r.o/eset_server_security_for_microsoft_windows_server8.0 — 9.0.12012.0

▶CVEListV5eset_spol_s_r.o/eset_security_for_microsoft_sharepoint_server6.0 — 8.0.15009.0

▶CVEListV5eset_spol_s_r.o/eset_mail_security_for_ibm_domino6.0 — 8.0.14011.0

🔴Vulnerability Details

GHSA

GHSA-vfr8-h6pw-gfpc: Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run mal↗2022-05-12

▶

CVEList

Local Privilege Escalation in ESET product for Windows↗2022-05-11

▶