cbcvebase.
CVE-2023-7043
published 2024-01-31

CVE-2023-7043: Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService…

PriorityP422medium5.5CVSS 3.1
AVLACLPRLUINSUCNIHAN
EPSS
0.28%
19.9th percentile
Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.

Affected

12 ranges
VendorProductVersion rangeFixed in
esetendpoint_antivirus>= 10.1.2046.0 < 11.0.2032.011.0.2032.0
esetendpoint_security>= 10.1.2046.0 < 11.0.2032.011.0.2032.0
esetinternet_security>= 16.1.14.0 < 17.0.15.017.0.15.0
esetmail_security
esetnod32_antivirus>= 16.1.14.0 < 17.0.15.017.0.15.0
esetsmart_security_premium>= 16.1.14.0 < 17.0.15.017.0.15.0
eset_spol_s_r.oeset_endpoint_antivirus10.1.2046.x – 10.1.2063.x
eset_spol_s_r.oeset_endpoint_security10.1.2046.x – 10.1.2063.x
eset_spol_s_r.oeset_internet_security16.1.14.0 – 16.2.15.0
eset_spol_s_r.oeset_mail_security_for_microsoft_exchange_server
eset_spol_s_r.oeset_nod32_antivirus16.1.14.0 – 16.2.15.0
eset_spol_s_r.oeset_smart_security_premium16.1.14.0 – 16.2.15.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.