cbcvebase.
CVE-2022-27167
published 2022-05-10

CVE-2022-27167: Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to…

PriorityP434high7.1CVSS 3.1
AVLACLPRLUINSUCNIHAH
EPSS
0.18%
8.0th percentile
Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.

Affected

25 ranges
VendorProductVersion rangeFixed in
esetendpoint_antivirus>= 6.0 < 8.0.2053.08.0.2053.0
esetendpoint_antivirus>= 8.1 < 8.1.2050.08.1.2050.0
esetendpoint_antivirus>= 9.0 < 9.0.2046.09.0.2046.0
esetendpoint_security>= 6.0 < 8.0.2053.08.0.2053.0
esetendpoint_security>= 8.1 < 8.1.2050.08.1.2050.0
esetendpoint_security>= 9.0 < 9.0.2046.09.0.2046.0
esetfile_security>= 6.0 < 8.0.12013.08.0.12013.0
esetinternet_security>= 11.2 < 15.1.12.015.1.12.0
esetmail_security>= 6.0 < 8.0.10020.08.0.10020.0
esetmail_security>= 6.0 < 8.0.14011.08.0.14011.0
esetnod32_antivirus>= 11.2 < 15.1.12.015.1.12.0
esetsecurity>= 6.0 < 8.0.15009.08.0.15009.0
esetserver_security>= 6.0
esetserver_security>= 8.0 < 9.0.12012.09.0.12012.0
esetsmart_security>= 11.2 < 15.1.12.015.1.12.0
eset_spol_s_r.oeset_endpoint_antivirus>= 6.0 < 9.0.2046.09.0.2046.0
eset_spol_s_r.oeset_endpoint_security>= 6.0 < 9.0.2046.09.0.2046.0
eset_spol_s_r.oeset_file_security_for_microsoft_windows_server
eset_spol_s_r.oeset_internet_security>= 11.2 < 15.1.12.015.1.12.0
eset_spol_s_r.oeset_mail_security_for_ibm_domino>= 6.0 < 8.0.14011.08.0.14011.0
eset_spol_s_r.oeset_mail_security_for_microsoft_exchange_server>= 6.0 < 8.0.10020.08.0.10020.0
eset_spol_s_r.oeset_nod32_antivirus>= 11.2 < 15.1.12.015.1.12.0
eset_spol_s_r.oeset_security_for_microsoft_sharepoint_server>= 6.0 < 8.0.15009.08.0.15009.0
eset_spol_s_r.oeset_server_security_for_microsoft_windows_server>= 8.0 < 9.0.12012.09.0.12012.0
eset_spol_s_r.oeset_smart_security_premium>= 11.2 < 15.1.12.015.1.12.0

CVSS provenance

nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvdv2.03.6LOWAV:L/AC:L/Au:N/C:N/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.