CVE-2023-2847

CWE-269 — Improper Privilege Management CWE-7034 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 84.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eset Cyber Security Eset Endpoint Antivirus Eset Server Security

Timeline

PublishedJun 15

Description

During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages3 packages

▶NVDeset/cyber_security7.3.0 — 7.3.3700.0

▶NVDeset/server_security9.0.464.0 — 9.0.466.0+2

▶NVDeset/endpoint_antivirus7.0.0 — 7.3.3600.0+3

🔴Vulnerability Details

GHSA

GHSA-5p64-g2j6-m9w7: During internal security analysis, a local privilege escalation vulnerability has been identified↗2023-06-15

▶

CVEList

Local privilege escalation in ESET products for Linux and MacOS↗2023-06-15

▶