CVE-2024-0353
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ESET, spol. s r.o. | ESET NOD32 Antivirus | 0 <= 16.2.15.0 | affected |
| ESET, spol. s r.o. | ESET Internet Security | 0 <= 16.2.15.0 | affected |
| ESET, spol. s r.o. | ESET Smart Security Premium | 0 <= 16.2.15.0 | affected |
| ESET, spol. s r.o. | ESET Security Ultimate | 0 <= 16.2.15.0 | affected |
| ESET, spol. s r.o. | ESET Endpoint Antivirus for Windows | 0 <= 10.1.2058.0 | affected |
| ESET, spol. s r.o. | ESET Endpoint Antivirus for Windows | 0 <= 10.0.2049.0 | affected |
| ESET, spol. s r.o. | ESET Endpoint Antivirus for Windows | 0 <= 9.1.2066.0 | affected |
| ESET, spol. s r.o. | ESET Endpoint Antivirus for Windows | 0 <= 8.1.2052.0 | affected |
| ESET, spol. s r.o. | ESET Endpoint Security for Windows | 0 <= 10.1.2058.0 | affected |
| ESET, spol. s r.o. | ESET Endpoint Security for Windows | 0 <= 10.0.2049.0 | affected |
| ESET, spol. s r.o. | ESET Endpoint Security for Windows | 0 <= 9.1.2066.0 | affected |
| ESET, spol. s r.o. | ESET Endpoint Security for Windows | 0 <= 8.1.2052.0 | affected |
| ESET, spol. s r.o. | ESET Server Security for Windows Server | 0 <= 10.0.12014.0 | affected |
| ESET, spol. s r.o. | ESET Server Security for Windows Server | 0 <= 9.0.12018.0 | affected |
| ESET, spol. s r.o. | ESET Server Security for Windows Server | 0 <= 8.0.12015.0 | affected |
| ESET, spol. s r.o. | ESET Server Security for Windows Server | 0 <= 7.3.12011.0 | affected |
| ESET, spol. s r.o. | ESET Mail Security for Microsoft Exchange Server | 0 <= 10.1.10010.0 | affected |
| ESET, spol. s r.o. | ESET Mail Security for Microsoft Exchange Server | 0 <= 10.0.10017.0 | affected |
| ESET, spol. s r.o. | ESET Mail Security for Microsoft Exchange Server | 0 <= 9.0.10011.0 | affected |
| ESET, spol. s r.o. | ESET Mail Security for Microsoft Exchange Server | 0 <= 8.0.10022.0 | affected |
| ESET, spol. s r.o. | ESET Mail Security for Microsoft Exchange Server | 0 <= 7.3.10014.0 | affected |
| ESET, spol. s r.o. | ESET Mail Security for IBM Domino | 0 <= 10.0.14006.0 | affected |
| ESET, spol. s r.o. | ESET Mail Security for IBM Domino | 0 <= 9.0.14007.0 | affected |
| ESET, spol. s r.o. | ESET Mail Security for IBM Domino | 0 <= 8.0.14010.0 | affected |
| ESET, spol. s r.o. | ESET Mail Security for IBM Domino | 0 <= 7.3.14004.0 | affected |
| ESET, spol. s r.o. | ESET Security for Microsoft SharePoint Server | 0 <= 10.0.15004.0 | affected |
| ESET, spol. s r.o. | ESET Security for Microsoft SharePoint Server | 0 <= 9.0.15005.0 | affected |
| ESET, spol. s r.o. | ESET Security for Microsoft SharePoint Server | 0 <= 8.0.15011.0 | affected |
| ESET, spol. s r.o. | ESET Security for Microsoft SharePoint Server | 0 <= 7.3.15004.0 | affected |
| ESET, spol. s r.o. | ESET File Security for Microsoft Azure | 0 <= all versions | affected |
Weaknesses
- CWE-269: CWE-269 Improper Privilege Management
ADP Enrichment
CVE Program Container
Additional References
- https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html
- https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html
- https://www.exploit-db.com/exploits/51351
- https://www.exploit-db.com/exploits/51964
- https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.