CVE-2024-7400 — Insecure Operation on Windows Junction / Mount Point in Spol S R.O Eset Endpoint Antivirus

CWE-1386 — Insecure Operation on Windows Junction / Mount Point4 documents4 sources

Severity

8.5HIGHNVD

EPSS

0.1%

top 69.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eset Spol S R.O Eset Endpoint Antivirus Eset Spol S R.O Eset Endpoint Security FOR Windows Eset Spol S R.O Eset File Security FOR Microsoft Azure +10 more

Timeline

PublishedSep 27

Latest updateJan 8

Description

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages13 packages

▶CVEListV5eset_spol_s_r.o/eset_file_security_for_microsoft_azure1250

▶CVEListV5eset_spol_s_r.o/eset_endpoint_security_for_windows1250

▶CVEListV5eset_spol_s_r.o/eset_server_security_for_windows_server1250

▶CVEListV5eset_spol_s_r.o/eset_safe_server1250

▶CVEListV5eset_spol_s_r.o/eset_nod32_antivirus1250

🔴Vulnerability Details

OSV

powerpc/prom_init: Fixup missing powermac #size-cells↗2025-01-08

▶

CVEList

Local privilege escalation in ESET products for Windows↗2024-09-27

▶

GHSA

GHSA-3f69-f27h-f53w: The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating syst↗2024-09-27

▶