Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ESET Server Security for Windows Server (File Security) by ESET, spol. s r.o.

    CVE-2023-3160 (GCVE-0-2023-3160)

    Vulnerability from nvd – Published: 2023-08-14 09:27 – Updated: 2024-10-09 20:04
    VLAI
    Title
    Local privilege escalation in security products for Windows
    Summary
    The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.eset.com/en/ca8466"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T20:03:59.300075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T20:04:15.607Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Endpoint Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Endpoint Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Server Security for Windows Server (File Security)",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Mail Security for IBM Domino",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Security for Microsoft SharePoint Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThe vulnerability potentially allows an attacker to misuse ESET\u2019s file operations during the module update to delete or move files without having proper permissions."
                }
              ],
              "value": "\nThe vulnerability potentially allows an attacker to misuse ESET\u2019s file operations during the module update to delete or move files without having proper permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-14T09:27:02.427Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/en/ca8466"
            }
          ],
          "source": {
            "advisory": "ca8466",
            "discovery": "EXTERNAL"
          },
          "title": "Local privilege escalation in security products for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2023-3160",
        "datePublished": "2023-08-14T09:27:02.427Z",
        "dateReserved": "2023-06-08T08:28:28.513Z",
        "dateUpdated": "2024-10-09T20:04:15.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3160 (GCVE-0-2023-3160)

    Vulnerability from cvelistv5 – Published: 2023-08-14 09:27 – Updated: 2024-10-09 20:04
    VLAI
    Title
    Local privilege escalation in security products for Windows
    Summary
    The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.eset.com/en/ca8466"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T20:03:59.300075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T20:04:15.607Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Endpoint Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Endpoint Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Server Security for Windows Server (File Security)",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Mail Security for IBM Domino",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HIPS"
              ],
              "product": "ESET Security for Microsoft SharePoint Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1463"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThe vulnerability potentially allows an attacker to misuse ESET\u2019s file operations during the module update to delete or move files without having proper permissions."
                }
              ],
              "value": "\nThe vulnerability potentially allows an attacker to misuse ESET\u2019s file operations during the module update to delete or move files without having proper permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-14T09:27:02.427Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/en/ca8466"
            }
          ],
          "source": {
            "advisory": "ca8466",
            "discovery": "EXTERNAL"
          },
          "title": "Local privilege escalation in security products for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2023-3160",
        "datePublished": "2023-08-14T09:27:02.427Z",
        "dateReserved": "2023-06-08T08:28:28.513Z",
        "dateUpdated": "2024-10-09T20:04:15.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }