CVE-2024-0353

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 81.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eset Endpoint Antivirus Eset Endpoint Security Eset Internet Security +16 more

Timeline

PublishedFeb 15

Description

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages19 packages

▶CVEListV5eset,_spol._s_r.o./eset_file_security_for_microsoft_azureall versions

▶NVDeset/security8.0 — 8.0.15012.0+4

▶NVDeset/mail_security8.0 — 8.0.10024.0+8

▶NVDeset/smart_security< 17.0.10.0

▶NVDeset/nod32_antivirus< 17.0.10.0

🔴Vulnerability Details

CVEList

Local privilege escalation in Windows products↗2024-02-15

▶

GHSA

GHSA-8m6h-q36w-xvg7: Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permis↗2024-02-15

▶

External resources

NVD MITRE

Affected products19

Eset Endpoint Antivirusfixed in 8.1.2062.0≥ 9.0, < 9.1.2071.0≥ 10.0, < 10.0.2052.0+2 more

Eset Endpoint Securityfixed in 8.1.2062.0≥ 9.0, < 9.1.2071.0≥ 10.0, < 10.0.2052.0+2 more

Eset Internet Securityfixed in 17.0.10.0

Eset Mail Securityfixed in 7.3.10018.0fixed in 7.3.14006.0≥ 8.0, < 8.0.10024.0+6 more

Eset Nod32 Antivirusfixed in 17.0.10.0

Eset Securityfixed in 7.3.15006.0fixed in 17.0.10.0≥ 8.0, < 8.0.15012.0+2 more

Eset Server Securityfixed in 7.3.12013.0≥ 8.0, < 8.0.12016.0≥ 9.0, < 9.0.12019.0+1 more

Eset Smart Securityfixed in 17.0.10.0

Eset, Spol. S R.o. Eset Endpoint Antivirus FOR Windows≤ 10.1.2058.0≤ 10.0.2049.0≤ 9.1.2066.0+1 more

Eset, Spol. S R.o. Eset Endpoint Security FOR Windows≤ 10.1.2058.0≤ 10.0.2049.0≤ 9.1.2066.0+1 more

Disclosure

PublishedFeb 15, 2024