CVE-2024-2003

Summary

Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine.

Affected Software

VendorProductVersion RangeStatus
ESET, spol. s r.o.ESET NOD32 Antivirus0 < 1610affected
ESET, spol. s r.o.ESET Internet Security0 < 1610affected
ESET, spol. s r.o.ESET Smart Security Premium0 < 1610affected
ESET, spol. s r.o.ESET Security Ultimate0 < 1610affected
ESET, spol. s r.o.ESET Small Business Security0 < 1610affected
ESET, spol. s r.o.ESET Safe Server0 < 1610affected
ESET, spol. s r.o.ESET Endpoint Antivirus for Windows0 < 1610affected
ESET, spol. s r.o.ESET Endpoint Security for Windows0 < 1610affected
ESET, spol. s r.o.ESET Server Security for Windows Server0 < 1610affected
ESET, spol. s r.o.ESET Mail Security for Microsoft Exchange Server0 < 1610affected
ESET, spol. s r.o.ESET Mail Security for IBM Domino0 < 1610affected
ESET, spol. s r.o.ESET Security for Microsoft SharePoint Server0 < 1610affected
ESET, spol. s r.o.ESET File Security for Microsoft Azure0 < 1610affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References