CVE-2024-0353

Summary

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Affected Software

VendorProductVersion RangeStatus
ESET, spol. s r.o.ESET NOD32 Antivirus0 <= 16.2.15.0affected
ESET, spol. s r.o.ESET Internet Security0 <= 16.2.15.0affected
ESET, spol. s r.o.ESET Smart Security Premium0 <= 16.2.15.0affected
ESET, spol. s r.o.ESET Security Ultimate0 <= 16.2.15.0affected
ESET, spol. s r.o.ESET Endpoint Antivirus for Windows0 <= 10.1.2058.0affected
ESET, spol. s r.o.ESET Endpoint Antivirus for Windows0 <= 10.0.2049.0affected
ESET, spol. s r.o.ESET Endpoint Antivirus for Windows0 <= 9.1.2066.0affected
ESET, spol. s r.o.ESET Endpoint Antivirus for Windows0 <= 8.1.2052.0affected
ESET, spol. s r.o.ESET Endpoint Security for Windows0 <= 10.1.2058.0affected
ESET, spol. s r.o.ESET Endpoint Security for Windows0 <= 10.0.2049.0affected
ESET, spol. s r.o.ESET Endpoint Security for Windows0 <= 9.1.2066.0affected
ESET, spol. s r.o.ESET Endpoint Security for Windows0 <= 8.1.2052.0affected
ESET, spol. s r.o.ESET Server Security for Windows Server0 <= 10.0.12014.0affected
ESET, spol. s r.o.ESET Server Security for Windows Server0 <= 9.0.12018.0affected
ESET, spol. s r.o.ESET Server Security for Windows Server0 <= 8.0.12015.0affected
ESET, spol. s r.o.ESET Server Security for Windows Server0 <= 7.3.12011.0affected
ESET, spol. s r.o.ESET Mail Security for Microsoft Exchange Server0 <= 10.1.10010.0affected
ESET, spol. s r.o.ESET Mail Security for Microsoft Exchange Server0 <= 10.0.10017.0affected
ESET, spol. s r.o.ESET Mail Security for Microsoft Exchange Server0 <= 9.0.10011.0affected
ESET, spol. s r.o.ESET Mail Security for Microsoft Exchange Server0 <= 8.0.10022.0affected
ESET, spol. s r.o.ESET Mail Security for Microsoft Exchange Server0 <= 7.3.10014.0affected
ESET, spol. s r.o.ESET Mail Security for IBM Domino0 <= 10.0.14006.0affected
ESET, spol. s r.o.ESET Mail Security for IBM Domino0 <= 9.0.14007.0affected
ESET, spol. s r.o.ESET Mail Security for IBM Domino0 <= 8.0.14010.0affected
ESET, spol. s r.o.ESET Mail Security for IBM Domino0 <= 7.3.14004.0affected
ESET, spol. s r.o.ESET Security for Microsoft SharePoint Server0 <= 10.0.15004.0affected
ESET, spol. s r.o.ESET Security for Microsoft SharePoint Server0 <= 9.0.15005.0affected
ESET, spol. s r.o.ESET Security for Microsoft SharePoint Server0 <= 8.0.15011.0affected
ESET, spol. s r.o.ESET Security for Microsoft SharePoint Server0 <= 7.3.15004.0affected
ESET, spol. s r.o.ESET File Security for Microsoft Azure0 <= all versionsaffected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References