CVE-2023-7043

Summary

Unquoted service path in ESET products allows to

drop a prepared program to a specific location and run on boot with the

NT AUTHORITY\NetworkService permissions.

Affected Software

VendorProductVersion RangeStatus
ESET, spol. s r.o.ESET Endpoint Security10.1.2046.x <= 10.1.2063.xaffected
ESET, spol. s r.o.ESET Endpoint Antivirus10.1.2046.x <= 10.1.2063.xaffected
ESET, spol. s r.o.ESET NOD32 Antivirus16.1.14.0 <= 16.2.15.0affected
ESET, spol. s r.o.ESET Internet Security16.1.14.0 <= 16.2.15.0affected
ESET, spol. s r.o.ESET Smart Security Premium16.1.14.0 <= 16.2.15.0affected
ESET, spol. s r.o.ESET Mail Security for Microsoft Exchange Server10.1.10012.0affected

Weaknesses

  • CWE-428: CWE-428 Unquoted Search Path or Element

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References