CVE-2022-27167

CWE-280 CWE-755 — Improper Exception Handling3 documents3 sources

Severity

7.1HIGH

EPSS

0.0%

top 90.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eset, Spol. S R.o. Eset Endpoint Antivirus Eset, Spol. S R.o. Eset Endpoint Security Eset, Spol. S R.o. Eset Internet Security +16 more

Timeline

PublishedMay 10

Latest updateMay 11

Description

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages19 packages

▶CVEListV5eset,_spol._s_r.o./eset_file_security_for_microsoft_windows_server6.0 8.0.12013.0

▶CVEListV5eset,_spol._s_r.o./eset_mail_security_for_microsoft_exchange_server6.0 — 8.0.10020.0

▶CVEListV5eset,_spol._s_r.o./eset_server_security_for_microsoft_windows_server8.0 — 9.0.12012.0

▶CVEListV5eset,_spol._s_r.o./eset_security_for_microsoft_sharepoint_server6.0 — 8.0.15009.0

▶CVEListV5eset,_spol._s_r.o./eset_mail_security_for_ibm_domino6.0 — 8.0.14011.0

🔴Vulnerability Details

GHSA

GHSA-ffxj-qgwf-8rrm: Privilege escalation vulnerability in Windows products of ESET, spol↗2022-05-11

▶

CVEList

Arbitrary File Deletion in ESET products for Windows↗2022-05-10

▶