Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for ESET Endpoint Antivirus for Windows by ESET, spol. s r.o.

    CVE-2024-11859 (GCVE-0-2024-11859)

    Vulnerability from nvd – Published: 2025-04-07 08:08 – Updated: 2025-04-16 10:52
    VLAI
    Title
    DLL Search Order Hijacking in ESET products for Windows
    Summary
    DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    ESET, spol. s r.o. ESET NOD32 Antivirus Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Internet Security Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Smart Security Premium Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security Ultimate Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Antivirus for Windows Affected: 0 , ≤ 12.0.2038.0 (custom)
    Affected: 0 , ≤ 11.1.2053.2 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Security for Windows Affected: 0 , ≤ 12.0.2038.0 (custom)
    Affected: 0 , ≤ 11.1.2053.2 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Small Business Security Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Safe Server Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Server Security for Windows Server Affected: 0 , ≤ 11.1.12005.2 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server Affected: 0 , ≤ 11.1.10008.0 (custom)
    Affected: 0 , ≤ 11.0.10008.0 (custom)
    Affected: 0 , ≤ 10.1.10014.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server Affected: 0 , ≤ 11.1.15001.0 (custom)
    Affected: 0 , ≤ 11.0.15004.0 (custom)
    Affected: 0 , ≤ 10.0.15005.1 (custom)
    Create a notification for this product.
    Date Public
    2025-04-04 20:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T16:33:40.931389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T16:35:08.284Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Security Ultimate",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Antivirus for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.2038.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.1.2053.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Security for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.2038.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.1.2053.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Small Business Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Safe Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Server Security for Windows Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.12005.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.10008.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.0.10008.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.1.10014.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Security for Microsoft SharePoint Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.15001.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.0.15004.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.0.15005.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-04-04T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code."
                }
              ],
              "value": "DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-16T10:52:29.591Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/en/ca8810-dll-search-order-hijacking-vulnerability-in-eset-products-for-windows-fixed"
            }
          ],
          "source": {
            "advisory": "CA8810",
            "discovery": "UNKNOWN"
          },
          "title": "DLL Search Order Hijacking in ESET products for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2024-11859",
        "datePublished": "2025-04-07T08:08:22.127Z",
        "dateReserved": "2024-11-27T11:06:09.575Z",
        "dateUpdated": "2025-04-16T10:52:29.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2003 (GCVE-0-2024-2003)

    Vulnerability from nvd – Published: 2024-06-21 07:20 – Updated: 2024-08-01 18:56
    VLAI
    Title
    Local Privilege Escalation in Quarantine of ESET products for Windows
    Summary
    Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    ESET, spol. s r.o. ESET NOD32 Antivirus Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Internet Security Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Smart Security Premium Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security Ultimate Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Small Business Security Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Safe Server Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Antivirus for Windows Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Security for Windows Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Server Security for Windows Server Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Mail Security for IBM Domino Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET File Security for Microsoft Azure Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    eset internet_security Affected: 0 , < 1610 (custom)
        cpe:2.3:a:eset:safe_server:-:*:*:*:*:*:*:*
        cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*
        cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*
        cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*
        cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*
        cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*
        cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*
        cpe:2.3:a:eset:smart_security:-:*:*:*:business:*:*:*
        cpe:2.3:a:eset:security:-:*:*:*:ultimate:*:*:*
        cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*
        cpe:2.3:a:eset:nod32:-:-:*:*:*:*:*:*
        cpe:2.3:a:eset:internet_security:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-20 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:eset:safe_server:-:*:*:*:*:*:*:*",
                  "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*",
                  "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*",
                  "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*",
                  "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*",
                  "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*",
                  "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*",
                  "cpe:2.3:a:eset:smart_security:-:*:*:*:business:*:*:*",
                  "cpe:2.3:a:eset:security:-:*:*:*:ultimate:*:*:*",
                  "cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*",
                  "cpe:2.3:a:eset:nod32:-:-:*:*:*:*:*:*",
                  "cpe:2.3:a:eset:internet_security:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "internet_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThan": "1610",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-21T14:03:09.499428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-21T14:18:48.023Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.eset.com/ca8674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Security Ultimate",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Small Business Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Safe Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Endpoint Antivirus for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Endpoint Security for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Server Security for Windows Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Mail Security for IBM Domino",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Security for Microsoft SharePoint Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET File Security for Microsoft Azure",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-06-20T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Local privilege escalation vulnerability allowed an attacker to misuse ESET\u0027s file operations during a restore operation from quarantine."
                }
              ],
              "value": "Local privilege escalation vulnerability allowed an attacker to misuse ESET\u0027s file operations during a restore operation from quarantine."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T07:20:03.749Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/ca8674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local Privilege Escalation in Quarantine of ESET products for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2024-2003",
        "datePublished": "2024-06-21T07:20:03.749Z",
        "dateReserved": "2024-02-29T10:37:14.649Z",
        "dateUpdated": "2024-08-01T18:56:22.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0353 (GCVE-0-2024-0353)

    Vulnerability from nvd – Published: 2024-02-15 07:40 – Updated: 2025-12-10 19:33
    VLAI
    Title
    Local privilege escalation in Windows products
    Summary
    Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    ESET, spol. s r.o. ESET NOD32 Antivirus Affected: 0 , ≤ 16.2.15.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Internet Security Affected: 0 , ≤ 16.2.15.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Smart Security Premium Affected: 0 , ≤ 16.2.15.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security Ultimate Affected: 0 , ≤ 16.2.15.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Antivirus for Windows Affected: 0 , ≤ 10.1.2058.0 (custom)
    Affected: 0 , ≤ 10.0.2049.0 (custom)
    Affected: 0 , ≤ 9.1.2066.0 (custom)
    Affected: 0 , ≤ 8.1.2052.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Security for Windows Affected: 0 , ≤ 10.1.2058.0 (custom)
    Affected: 0 , ≤ 10.0.2049.0 (custom)
    Affected: 0 , ≤ 9.1.2066.0 (custom)
    Affected: 0 , ≤ 8.1.2052.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Server Security for Windows Server Affected: 0 , ≤ 10.0.12014.0 (custom)
    Affected: 0 , ≤ 9.0.12018.0 (custom)
    Affected: 0 , ≤ 8.0.12015.0 (custom)
    Affected: 0 , ≤ 7.3.12011.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server Affected: 0 , ≤ 10.1.10010.0 (custom)
    Affected: 0 , ≤ 10.0.10017.0 (custom)
    Affected: 0 , ≤ 9.0.10011.0 (custom)
    Affected: 0 , ≤ 8.0.10022.0 (custom)
    Affected: 0 , ≤ 7.3.10014.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Mail Security for IBM Domino Affected: 0 , ≤ 10.0.14006.0 (custom)
    Affected: 0 , ≤ 9.0.14007.0 (custom)
    Affected: 0 , ≤ 8.0.14010.0 (custom)
    Affected: 0 , ≤ 7.3.14004.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server Affected: 0 , ≤ 10.0.15004.0 (custom)
    Affected: 0 , ≤ 9.0.15005.0 (custom)
    Affected: 0 , ≤ 8.0.15011.0 (custom)
    Affected: 0 , ≤ 7.3.15004.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET File Security for Microsoft Azure Affected: 0 , ≤ all versions (custom)
    Create a notification for this product.
    eset nod32_antivirus Affected: 0 , ≤ 16.2.15.0 (custom)
        cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*
    Create a notification for this product.
    eset internet_security Affected: 0 , ≤ 16.2.15.0 (custom)
        cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*
    Create a notification for this product.
    eset smart_security_premium Affected: 0 , ≤ 16.2.15.0 (custom)
        cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*
    Create a notification for this product.
    eset security_ultimate Affected: 0 , ≤ 16.2.15.0 (custom)
        cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*
    Create a notification for this product.
    eset endpoint_antivirus Affected: 0 , ≤ 10.1.2058.0 (custom)
        cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    eset endpoint_security Affected: 0 , ≤ 10.1.2058.0 (custom)
        cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    eset server_security Affected: 0 , ≤ 10.0.12014.0 (custom)
        cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*
    Create a notification for this product.
    eset mail_security Affected: 0 , ≤ 10.1.10010.0 (custom)
        cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*
    Create a notification for this product.
    eset mail_security Affected: 0 , ≤ 10.0.14006.0 (custom)
        cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*
    Create a notification for this product.
    eset security Affected: 0 , ≤ 10.0.15004.0 (custom)
        cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*
    Create a notification for this product.
    eset file_security Affected: 0 , ≤ * (custom)
        cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*
    Create a notification for this product.
    Date Public
    2024-02-14 11:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-12-10T19:33:58.732Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html"
              },
              {
                "url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html"
              },
              {
                "url": "https://www.exploit-db.com/exploits/51351"
              },
              {
                "url": "https://www.exploit-db.com/exploits/51964"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nod32_antivirus",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "16.2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "internet_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "16.2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smart_security_premium",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "16.2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "security_ultimate",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "16.2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "endpoint_antivirus",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.1.2058.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "endpoint_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.1.2058.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "server_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.0.12014.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mail_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.1.10010.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mail_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.0.14006.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.0.15004.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "file_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0353",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-20T19:22:48.853538Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-20T19:53:00.534Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Security Ultimate",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Antivirus for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.2058.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.0.2049.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.1.2066.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.1.2052.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Security for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.2058.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.0.2049.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.1.2066.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.1.2052.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Server Security for Windows Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.12014.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.0.12018.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.0.12015.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.3.12011.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.10010.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.0.10017.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.0.10011.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.0.10022.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.3.10014.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Mail Security for IBM Domino",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.14006.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.0.14007.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.0.14010.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.3.14004.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Security for Microsoft SharePoint Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.15004.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.0.15005.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.0.15011.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.3.15004.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET File Security for Microsoft Azure",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-02-14T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
                }
              ],
              "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-15T07:40:24.786Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
            }
          ],
          "source": {
            "advisory": "ca8612",
            "discovery": "UNKNOWN"
          },
          "title": "Local privilege escalation in Windows products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2024-0353",
        "datePublished": "2024-02-15T07:40:24.786Z",
        "dateReserved": "2024-01-09T14:21:58.755Z",
        "dateUpdated": "2025-12-10T19:33:58.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-11859 (GCVE-0-2024-11859)

    Vulnerability from cvelistv5 – Published: 2025-04-07 08:08 – Updated: 2025-04-16 10:52
    VLAI
    Title
    DLL Search Order Hijacking in ESET products for Windows
    Summary
    DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    ESET, spol. s r.o. ESET NOD32 Antivirus Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Internet Security Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Smart Security Premium Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security Ultimate Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Antivirus for Windows Affected: 0 , ≤ 12.0.2038.0 (custom)
    Affected: 0 , ≤ 11.1.2053.2 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Security for Windows Affected: 0 , ≤ 12.0.2038.0 (custom)
    Affected: 0 , ≤ 11.1.2053.2 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Small Business Security Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Safe Server Affected: 0 , ≤ 18.0.12.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Server Security for Windows Server Affected: 0 , ≤ 11.1.12005.2 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server Affected: 0 , ≤ 11.1.10008.0 (custom)
    Affected: 0 , ≤ 11.0.10008.0 (custom)
    Affected: 0 , ≤ 10.1.10014.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server Affected: 0 , ≤ 11.1.15001.0 (custom)
    Affected: 0 , ≤ 11.0.15004.0 (custom)
    Affected: 0 , ≤ 10.0.15005.1 (custom)
    Create a notification for this product.
    Date Public
    2025-04-04 20:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T16:33:40.931389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T16:35:08.284Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Security Ultimate",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Antivirus for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.2038.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.1.2053.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Security for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.2038.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.1.2053.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Small Business Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Safe Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "18.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Server Security for Windows Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.12005.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.10008.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.0.10008.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.1.10014.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Security for Microsoft SharePoint Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.15001.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.0.15004.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.0.15005.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-04-04T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code."
                }
              ],
              "value": "DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-16T10:52:29.591Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/en/ca8810-dll-search-order-hijacking-vulnerability-in-eset-products-for-windows-fixed"
            }
          ],
          "source": {
            "advisory": "CA8810",
            "discovery": "UNKNOWN"
          },
          "title": "DLL Search Order Hijacking in ESET products for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2024-11859",
        "datePublished": "2025-04-07T08:08:22.127Z",
        "dateReserved": "2024-11-27T11:06:09.575Z",
        "dateUpdated": "2025-04-16T10:52:29.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2003 (GCVE-0-2024-2003)

    Vulnerability from cvelistv5 – Published: 2024-06-21 07:20 – Updated: 2024-08-01 18:56
    VLAI
    Title
    Local Privilege Escalation in Quarantine of ESET products for Windows
    Summary
    Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    ESET, spol. s r.o. ESET NOD32 Antivirus Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Internet Security Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Smart Security Premium Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security Ultimate Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Small Business Security Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Safe Server Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Antivirus for Windows Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Security for Windows Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Server Security for Windows Server Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Mail Security for IBM Domino Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET File Security for Microsoft Azure Affected: 0 , < 1610 (custom)
    Create a notification for this product.
    eset internet_security Affected: 0 , < 1610 (custom)
        cpe:2.3:a:eset:safe_server:-:*:*:*:*:*:*:*
        cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*
        cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*
        cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*
        cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*
        cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*
        cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*
        cpe:2.3:a:eset:smart_security:-:*:*:*:business:*:*:*
        cpe:2.3:a:eset:security:-:*:*:*:ultimate:*:*:*
        cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*
        cpe:2.3:a:eset:nod32:-:-:*:*:*:*:*:*
        cpe:2.3:a:eset:internet_security:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-20 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:eset:safe_server:-:*:*:*:*:*:*:*",
                  "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*",
                  "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*",
                  "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*",
                  "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*",
                  "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*",
                  "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*",
                  "cpe:2.3:a:eset:smart_security:-:*:*:*:business:*:*:*",
                  "cpe:2.3:a:eset:security:-:*:*:*:ultimate:*:*:*",
                  "cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*",
                  "cpe:2.3:a:eset:nod32:-:-:*:*:*:*:*:*",
                  "cpe:2.3:a:eset:internet_security:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "internet_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThan": "1610",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-21T14:03:09.499428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-21T14:18:48.023Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.eset.com/ca8674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Security Ultimate",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Small Business Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Safe Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Endpoint Antivirus for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Endpoint Security for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Server Security for Windows Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Mail Security for IBM Domino",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET Security for Microsoft SharePoint Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Antivirus and antispyware scanner module"
              ],
              "product": "ESET File Security for Microsoft Azure",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThan": "1610",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-06-20T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Local privilege escalation vulnerability allowed an attacker to misuse ESET\u0027s file operations during a restore operation from quarantine."
                }
              ],
              "value": "Local privilege escalation vulnerability allowed an attacker to misuse ESET\u0027s file operations during a restore operation from quarantine."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T07:20:03.749Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/ca8674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local Privilege Escalation in Quarantine of ESET products for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2024-2003",
        "datePublished": "2024-06-21T07:20:03.749Z",
        "dateReserved": "2024-02-29T10:37:14.649Z",
        "dateUpdated": "2024-08-01T18:56:22.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0353 (GCVE-0-2024-0353)

    Vulnerability from cvelistv5 – Published: 2024-02-15 07:40 – Updated: 2025-12-10 19:33
    VLAI
    Title
    Local privilege escalation in Windows products
    Summary
    Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    ESET, spol. s r.o. ESET NOD32 Antivirus Affected: 0 , ≤ 16.2.15.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Internet Security Affected: 0 , ≤ 16.2.15.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Smart Security Premium Affected: 0 , ≤ 16.2.15.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security Ultimate Affected: 0 , ≤ 16.2.15.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Antivirus for Windows Affected: 0 , ≤ 10.1.2058.0 (custom)
    Affected: 0 , ≤ 10.0.2049.0 (custom)
    Affected: 0 , ≤ 9.1.2066.0 (custom)
    Affected: 0 , ≤ 8.1.2052.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Endpoint Security for Windows Affected: 0 , ≤ 10.1.2058.0 (custom)
    Affected: 0 , ≤ 10.0.2049.0 (custom)
    Affected: 0 , ≤ 9.1.2066.0 (custom)
    Affected: 0 , ≤ 8.1.2052.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Server Security for Windows Server Affected: 0 , ≤ 10.0.12014.0 (custom)
    Affected: 0 , ≤ 9.0.12018.0 (custom)
    Affected: 0 , ≤ 8.0.12015.0 (custom)
    Affected: 0 , ≤ 7.3.12011.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server Affected: 0 , ≤ 10.1.10010.0 (custom)
    Affected: 0 , ≤ 10.0.10017.0 (custom)
    Affected: 0 , ≤ 9.0.10011.0 (custom)
    Affected: 0 , ≤ 8.0.10022.0 (custom)
    Affected: 0 , ≤ 7.3.10014.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Mail Security for IBM Domino Affected: 0 , ≤ 10.0.14006.0 (custom)
    Affected: 0 , ≤ 9.0.14007.0 (custom)
    Affected: 0 , ≤ 8.0.14010.0 (custom)
    Affected: 0 , ≤ 7.3.14004.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server Affected: 0 , ≤ 10.0.15004.0 (custom)
    Affected: 0 , ≤ 9.0.15005.0 (custom)
    Affected: 0 , ≤ 8.0.15011.0 (custom)
    Affected: 0 , ≤ 7.3.15004.0 (custom)
    Create a notification for this product.
    ESET, spol. s r.o. ESET File Security for Microsoft Azure Affected: 0 , ≤ all versions (custom)
    Create a notification for this product.
    eset nod32_antivirus Affected: 0 , ≤ 16.2.15.0 (custom)
        cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*
    Create a notification for this product.
    eset internet_security Affected: 0 , ≤ 16.2.15.0 (custom)
        cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*
    Create a notification for this product.
    eset smart_security_premium Affected: 0 , ≤ 16.2.15.0 (custom)
        cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*
    Create a notification for this product.
    eset security_ultimate Affected: 0 , ≤ 16.2.15.0 (custom)
        cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*
    Create a notification for this product.
    eset endpoint_antivirus Affected: 0 , ≤ 10.1.2058.0 (custom)
        cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    eset endpoint_security Affected: 0 , ≤ 10.1.2058.0 (custom)
        cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    eset server_security Affected: 0 , ≤ 10.0.12014.0 (custom)
        cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*
    Create a notification for this product.
    eset mail_security Affected: 0 , ≤ 10.1.10010.0 (custom)
        cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*
    Create a notification for this product.
    eset mail_security Affected: 0 , ≤ 10.0.14006.0 (custom)
        cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*
    Create a notification for this product.
    eset security Affected: 0 , ≤ 10.0.15004.0 (custom)
        cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*
    Create a notification for this product.
    eset file_security Affected: 0 , ≤ * (custom)
        cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*
    Create a notification for this product.
    Date Public
    2024-02-14 11:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-12-10T19:33:58.732Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html"
              },
              {
                "url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html"
              },
              {
                "url": "https://www.exploit-db.com/exploits/51351"
              },
              {
                "url": "https://www.exploit-db.com/exploits/51964"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nod32_antivirus",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "16.2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "internet_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "16.2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smart_security_premium",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "16.2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "security_ultimate",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "16.2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "endpoint_antivirus",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.1.2058.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "endpoint_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.1.2058.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "server_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.0.12014.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mail_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.1.10010.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mail_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.0.14006.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "10.0.15004.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "file_security",
                "vendor": "eset",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0353",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-20T19:22:48.853538Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-20T19:53:00.534Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Security Ultimate",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Antivirus for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.2058.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.0.2049.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.1.2066.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.1.2052.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Security for Windows",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.2058.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.0.2049.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.1.2066.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.1.2052.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Server Security for Windows Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.12014.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.0.12018.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.0.12015.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.3.12011.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.10010.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.0.10017.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.0.10011.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.0.10022.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.3.10014.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Mail Security for IBM Domino",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.14006.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.0.14007.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.0.14010.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.3.14004.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Security for Microsoft SharePoint Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.15004.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.0.15005.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.0.15011.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.3.15004.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET File Security for Microsoft Azure",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-02-14T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
                }
              ],
              "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-15T07:40:24.786Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
            }
          ],
          "source": {
            "advisory": "ca8612",
            "discovery": "UNKNOWN"
          },
          "title": "Local privilege escalation in Windows products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2024-0353",
        "datePublished": "2024-02-15T07:40:24.786Z",
        "dateReserved": "2024-01-09T14:21:58.755Z",
        "dateUpdated": "2025-12-10T19:33:58.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }