Vulnerability-Lookup

CVE-2024-0353 (GCVE-0-2024-0353)

Vulnerability from cvelistv5 – Published: 2024-02-15 07:40 – Updated: 2025-12-10 19:33

Title

Local privilege escalation in Windows products

Summary

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-269 - Improper Privilege Management

Assigner

ESET

References

5 references

URL	Tags
https://support.eset.com/en/ca8612-eset-customer-…
https://packetstormsecurity.com/files/182464/ESET…
https://packetstormsecurity.com/files/179495/ESET…
https://www.exploit-db.com/exploits/51351
https://www.exploit-db.com/exploits/51964

Impacted products

22 products

Vendor	Product	Version
ESET, spol. s r.o.	ESET NOD32 Antivirus	Affected: 0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Internet Security	Affected: 0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Smart Security Premium	Affected: 0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Security Ultimate	Affected: 0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Endpoint Antivirus for Windows	Affected: 0 , ≤ 10.1.2058.0 (custom) Affected: 0 , ≤ 10.0.2049.0 (custom) Affected: 0 , ≤ 9.1.2066.0 (custom) Affected: 0 , ≤ 8.1.2052.0 (custom)
ESET, spol. s r.o.	ESET Endpoint Security for Windows	Affected: 0 , ≤ 10.1.2058.0 (custom) Affected: 0 , ≤ 10.0.2049.0 (custom) Affected: 0 , ≤ 9.1.2066.0 (custom) Affected: 0 , ≤ 8.1.2052.0 (custom)
ESET, spol. s r.o.	ESET Server Security for Windows Server	Affected: 0 , ≤ 10.0.12014.0 (custom) Affected: 0 , ≤ 9.0.12018.0 (custom) Affected: 0 , ≤ 8.0.12015.0 (custom) Affected: 0 , ≤ 7.3.12011.0 (custom)
ESET, spol. s r.o.	ESET Mail Security for Microsoft Exchange Server	Affected: 0 , ≤ 10.1.10010.0 (custom) Affected: 0 , ≤ 10.0.10017.0 (custom) Affected: 0 , ≤ 9.0.10011.0 (custom) Affected: 0 , ≤ 8.0.10022.0 (custom) Affected: 0 , ≤ 7.3.10014.0 (custom)
ESET, spol. s r.o.	ESET Mail Security for IBM Domino	Affected: 0 , ≤ 10.0.14006.0 (custom) Affected: 0 , ≤ 9.0.14007.0 (custom) Affected: 0 , ≤ 8.0.14010.0 (custom) Affected: 0 , ≤ 7.3.14004.0 (custom)
ESET, spol. s r.o.	ESET Security for Microsoft SharePoint Server	Affected: 0 , ≤ 10.0.15004.0 (custom) Affected: 0 , ≤ 9.0.15005.0 (custom) Affected: 0 , ≤ 8.0.15011.0 (custom) Affected: 0 , ≤ 7.3.15004.0 (custom)
ESET, spol. s r.o.	ESET File Security for Microsoft Azure	Affected: 0 , ≤ all versions (custom)
eset	nod32_antivirus	Affected: 0 , ≤ 16.2.15.0 (custom) cpe:2.3:a:eset:nod32_antivirus::::::::
eset	internet_security	Affected: 0 , ≤ 16.2.15.0 (custom) cpe:2.3:a:eset:internet_security::::::::
eset	smart_security_premium	Affected: 0 , ≤ 16.2.15.0 (custom) cpe:2.3:a:eset:smart_security_premium::::::::
eset	security_ultimate	Affected: 0 , ≤ 16.2.15.0 (custom) cpe:2.3:a:eset:security_ultimate::::::::
eset	endpoint_antivirus	Affected: 0 , ≤ 10.1.2058.0 (custom) cpe:2.3:a:eset:endpoint_antivirus:-:::::windows::
eset	endpoint_security	Affected: 0 , ≤ 10.1.2058.0 (custom) cpe:2.3:a:eset:endpoint_security:-:::::windows::
eset	server_security	Affected: 0 , ≤ 10.0.12014.0 (custom) cpe:2.3:a:eset:server_security:-:::::windows_server::
eset	mail_security	Affected: 0 , ≤ 10.1.10010.0 (custom) cpe:2.3:a:eset:mail_security:-:::::exchange_server::
eset	mail_security	Affected: 0 , ≤ 10.0.14006.0 (custom) cpe:2.3:a:eset:mail_security:-:::::domino::
eset	security	Affected: 0 , ≤ 10.0.15004.0 (custom) cpe:2.3:a:eset:security:-:::::sharepoint_server::
eset	file_security	Affected: 0 , ≤ * (custom) cpe:2.3:a:eset:file_security:-:::::azure::

Date Public

2024-02-14 11:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-10T19:33:58.732Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html"
          },
          {
            "url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html"
          },
          {
            "url": "https://www.exploit-db.com/exploits/51351"
          },
          {
            "url": "https://www.exploit-db.com/exploits/51964"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nod32_antivirus",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "internet_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smart_security_premium",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "security_ultimate",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_antivirus",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.1.2058.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.1.2058.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "server_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.0.12014.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mail_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.1.10010.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mail_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.0.14006.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.0.15004.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "file_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-20T19:22:48.853538Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-20T19:53:00.534Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ESET NOD32 Antivirus",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Internet Security",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Smart Security Premium",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Security Ultimate",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Endpoint Antivirus for Windows",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.1.2058.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.2049.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.1.2066.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.1.2052.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Endpoint Security for Windows",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.1.2058.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.2049.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.1.2066.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.1.2052.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Server Security for Windows Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.0.12014.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.12018.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.12015.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.12011.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Mail Security for Microsoft Exchange Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.1.10010.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.10017.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.10011.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.10022.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.10014.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Mail Security for IBM Domino",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.0.14006.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.14007.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.14010.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.14004.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Security for Microsoft SharePoint Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.0.15004.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.15005.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.15011.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.15004.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET File Security for Microsoft Azure",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "all versions",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-02-14T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
            }
          ],
          "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-15T07:40:24.786Z",
        "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "shortName": "ESET"
      },
      "references": [
        {
          "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
        }
      ],
      "source": {
        "advisory": "ca8612",
        "discovery": "UNKNOWN"
      },
      "title": "Local privilege escalation in Windows products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
    "assignerShortName": "ESET",
    "cveId": "CVE-2024-0353",
    "datePublished": "2024-02-15T07:40:24.786Z",
    "dateReserved": "2024-01-09T14:21:58.755Z",
    "dateUpdated": "2025-12-10T19:33:58.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-0353",
      "date": "2026-06-04",
      "epss": "0.00078",
      "percentile": "0.23365"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-0353\",\"sourceIdentifier\":\"security@eset.com\",\"published\":\"2024-02-15T08:15:46.023\",\"lastModified\":\"2025-12-10T20:16:20.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de escalada de privilegios local potencialmente permiti\u00f3 a un atacante hacer un mal uso de las operaciones de archivos de ESET para eliminar archivos sin tener el permiso adecuado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@eset.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@eset.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"8.1.2062.0\",\"matchCriteriaId\":\"FD0A2DF6-7A58-491C-AEB8-A2E680AC98F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.1.2071.0\",\"matchCriteriaId\":\"05E9177E-5D0F-41ED-8294-DFB89E3876E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.0.2052.0\",\"matchCriteriaId\":\"0B60BF84-00BE-4DB0-8997-743F57416BE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"10.1\",\"versionEndExcluding\":\"10.1.2063.0\",\"matchCriteriaId\":\"0164AE41-F12C-4B0D-8974-D7437BFB06B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.0.2032.0\",\"matchCriteriaId\":\"4E612901-DB52-4059-9817-92C60A84BB2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"8.1.2062.0\",\"matchCriteriaId\":\"74C3F07A-2298-4521-BBC0-F2E48BA982F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.1.2071.0\",\"matchCriteriaId\":\"B3D79959-D8FE-4F95-A8E8-03308948FC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.0.2052.0\",\"matchCriteriaId\":\"346C043C-2DE2-490B-A36B-8D0970DFD4B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"10.1\",\"versionEndExcluding\":\"10.1.2063.0\",\"matchCriteriaId\":\"71A365AB-99CA-4FA9-A451-5C96B0A5A7F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.0.2032.0\",\"matchCriteriaId\":\"395C3173-EDC0-41D7-85B2-612C4DBD98F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:file_security:*:*:*:*:*:azure:*:*\",\"matchCriteriaId\":\"1AB25077-C346-4D68-8089-6042BFDA655C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.0.10.0\",\"matchCriteriaId\":\"BA4D106F-E8B7-43E9-A568-D779AE96128B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*\",\"versionEndExcluding\":\"7.3.10018.0\",\"matchCriteriaId\":\"130C22A6-09A5-4271-9777-E0104049B549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*\",\"versionEndExcluding\":\"7.3.14006.0\",\"matchCriteriaId\":\"3907201A-AB03-472D-888E-C2F4263FF142\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.0.10024.0\",\"matchCriteriaId\":\"222094AC-A5B4-4951-8A66-DE4230E2480F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.0.14014.0\",\"matchCriteriaId\":\"050BA9DE-6985-4833-90C6-60018F521995\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.0.10012.0\",\"matchCriteriaId\":\"FE6862D1-1DC9-492E-B1A7-21DC8F5102C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.0.14008.0\",\"matchCriteriaId\":\"EDB3A57E-7B60-4FAC-BE08-DF10CE47C8E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.0.10018.0\",\"matchCriteriaId\":\"33552BAC-3DD8-4367-AFD3-ACF6A4B0EC15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.0.14007.0\",\"matchCriteriaId\":\"45C8E944-C3B4-4AB7-8332-F51821F7C253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*\",\"versionStartIncluding\":\"10.1\",\"versionEndExcluding\":\"10.1.10014.0\",\"matchCriteriaId\":\"AE42F470-97D5-405F-8DDB-58030A8A7339\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.0.10.0\",\"matchCriteriaId\":\"3B0F994D-291F-4037-9F38-2ADD30917A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*\",\"versionEndExcluding\":\"7.3.15006.0\",\"matchCriteriaId\":\"B1008F99-C3F2-4D79-A37D-2239E7C5535F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:security:*:*:*:*:ultimate:*:*:*\",\"versionEndExcluding\":\"17.0.10.0\",\"matchCriteriaId\":\"F78781C7-AD74-4D14-A955-A0380CE7B73F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.0.15012.0\",\"matchCriteriaId\":\"732DD0AC-2D36-41E5-9005-3BA04D2BC920\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.0.15006.0\",\"matchCriteriaId\":\"61D23E98-F343-41C8-A9CB-14937455AF7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.0.15005.0\",\"matchCriteriaId\":\"EDEE8E3A-1A7B-4DBC-9C2A-6A7E4BB1B9B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*\",\"versionEndExcluding\":\"7.3.12013.0\",\"matchCriteriaId\":\"91DE9E8D-6155-42BB-A303-4A31B3A65C49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.0.12016.0\",\"matchCriteriaId\":\"C2722856-080B-4025-AD29-7B758303F442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.0.12019.0\",\"matchCriteriaId\":\"BA373E8F-2D94-4EF4-96C4-0306D969EB37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.0.12015.0\",\"matchCriteriaId\":\"B3A3E72B-98E3-4754-815F-3B3CE57AC8EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:smart_security:*:*:*:*:premium:*:*:*\",\"versionEndExcluding\":\"17.0.10.0\",\"matchCriteriaId\":\"1B58F4A8-5BF7-4F3E-8267-E5D43D7AA538\"}]}]}],\"references\":[{\"url\":\"https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed\",\"source\":\"security@eset.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/51351\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/51964\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html\"}, {\"url\": \"https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html\"}, {\"url\": \"https://www.exploit-db.com/exploits/51351\"}, {\"url\": \"https://www.exploit-db.com/exploits/51964\"}, {\"url\": \"https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed\", \"tags\": [\"x_transferred\"]}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-12-10T19:33:58.732Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0353\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-20T19:22:48.853538Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*\"], \"vendor\": \"eset\", \"product\": \"nod32_antivirus\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*\"], \"vendor\": \"eset\", \"product\": \"internet_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*\"], \"vendor\": \"eset\", \"product\": \"smart_security_premium\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*\"], \"vendor\": \"eset\", \"product\": \"security_ultimate\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*\"], \"vendor\": \"eset\", \"product\": \"endpoint_antivirus\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.2058.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*\"], \"vendor\": \"eset\", \"product\": \"endpoint_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.2058.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*\"], \"vendor\": \"eset\", \"product\": \"server_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.12014.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*\"], \"vendor\": \"eset\", \"product\": \"mail_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.10010.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*\"], \"vendor\": \"eset\", \"product\": \"mail_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.14006.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*\"], \"vendor\": \"eset\", \"product\": \"security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.15004.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*\"], \"vendor\": \"eset\", \"product\": \"file_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"*\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-20T19:52:39.580Z\"}}], \"cna\": {\"title\": \"Local privilege escalation in Windows products\", \"source\": {\"advisory\": \"ca8612\", \"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET NOD32 Antivirus\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Internet Security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Smart Security Premium\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Security Ultimate\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Endpoint Antivirus for Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.2058.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.2049.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.1.2066.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.1.2052.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Endpoint Security for Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.2058.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.2049.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.1.2066.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.1.2052.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Server Security for Windows Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.12014.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0.12018.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.12015.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.3.12011.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Mail Security for Microsoft Exchange Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.10010.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.10017.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0.10011.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.10022.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.3.10014.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Mail Security for IBM Domino\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.14006.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0.14007.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.14010.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.3.14004.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Security for Microsoft SharePoint Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.15004.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0.15005.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.15011.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.3.15004.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET File Security for Microsoft Azure\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"all versions\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-02-14T11:00:00.000Z\", \"references\": [{\"url\": \"https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\\u2019s file operations to delete files without having proper permission.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\\u2019s file operations to delete files without having proper permission.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"4a9b9929-2450-4021-b7b9-469a0255b215\", \"shortName\": \"ESET\", \"dateUpdated\": \"2024-02-15T07:40:24.786Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-0353\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-10T19:33:58.732Z\", \"dateReserved\": \"2024-01-09T14:21:58.755Z\", \"assignerOrgId\": \"4a9b9929-2450-4021-b7b9-469a0255b215\", \"datePublished\": \"2024-02-15T07:40:24.786Z\", \"assignerShortName\": \"ESET\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

BDU:2024-01460

Vulnerability from fstec - Published: 14.02.2024

Title

Уязвимость обработчика операций с файлами программного обеспечения антивирусных программных продуктов ESET, позволяющая нарушителю удалять произвольные файлы в системе

Description

Уязвимость обработчика операций с файлами программного обеспечения антивирусных программных продуктов ESET связана с ошибками при управлении привилегиями. Эксплуатация уязвимости может позволить нарушителю удалять произвольные файлы в системе

Severity


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

ESET Software

Software Name

ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus, ESET Endpoint Security, ESET Server Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Microsoft SharePoint Server

Software Version

до 17.0.10.0 (ESET NOD32 Antivirus), до 17.0.10.0 (ESET Internet Security), до 17.0.10.0 (ESET Smart Security Premium), до 17.0.10.0 (ESET Security Ultimate), от 11.0 до 11.0.2032.0 (ESET Endpoint Antivirus), от 10.1 до 10.1.2063.0 (ESET Endpoint Antivirus), от 10.0 до 10.0.2052.0 (ESET Endpoint Antivirus), от 9.0 до 9.1.2071.0 (ESET Endpoint Antivirus), до 8.1.2062.0 (ESET Endpoint Antivirus), от 11.0 до 11.0.2032.0 (ESET Endpoint Security), от 10.1 до 10.1.2063.0 (ESET Endpoint Security), от 10.0 до 10.0.2052.0 (ESET Endpoint Security), от 9.0 до 9.1.2071.0 (ESET Endpoint Security), до 8.1.2062.0 (ESET Endpoint Security), от 10.0 до 10.0.12015.0 (ESET Server Security for Microsoft Windows Server), от 9.0 до 9.0.12019.0 (ESET Server Security for Microsoft Windows Server), от 8.0 до 8.0.12016.0 (ESET Server Security for Microsoft Windows Server), до 7.3.12013.0 (ESET Server Security for Microsoft Windows Server), от 10.1 до 10.1.10014.0 (ESET Mail Security for Microsoft Exchange Server), от 10.0 до 10.0.10018.0 (ESET Mail Security for Microsoft Exchange Server), от 9.0 до 9.0.10012.0 (ESET Mail Security for Microsoft Exchange Server), от 8.0 до 8.0.10024.0 (ESET Mail Security for Microsoft Exchange Server), до 7.3.10018.0 (ESET Mail Security for Microsoft Exchange Server), от 10.0 до 10.0.14007.0 (ESET Mail Security for IBM Domino), от 9.0 до 9.0.14008.0 (ESET Mail Security for IBM Domino), от 8.0 до 8.0.14014.0 (ESET Mail Security for IBM Domino), до 7.3.14006.0 (ESET Mail Security for IBM Domino), от 10.0 до 10.0.15005.0 (ESET Security for Microsoft SharePoint Server), от 9.0 до 9.0.15006.0 (ESET Security for Microsoft SharePoint Server), от 8.0 до 8.0.15012.0 (ESET Security for Microsoft SharePoint Server), до 7.3.15006.0 (ESET Security for Microsoft SharePoint Server)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - минимизация пользовательских привилегий; - отключение/удаление неиспользуемых учётных записей пользователей. Использование рекомендаций производителя: https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed

Reference

None

CWE

CWE-269

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "ESET Software",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 17.0.10.0 (ESET NOD32 Antivirus), \u0434\u043e 17.0.10.0 (ESET Internet Security), \u0434\u043e 17.0.10.0 (ESET Smart Security Premium), \u0434\u043e 17.0.10.0 (ESET Security Ultimate), \u043e\u0442 11.0 \u0434\u043e 11.0.2032.0 (ESET Endpoint Antivirus), \u043e\u0442 10.1 \u0434\u043e 10.1.2063.0 (ESET Endpoint Antivirus), \u043e\u0442 10.0 \u0434\u043e 10.0.2052.0 (ESET Endpoint Antivirus), \u043e\u0442 9.0 \u0434\u043e 9.1.2071.0 (ESET Endpoint Antivirus), \u0434\u043e 8.1.2062.0 (ESET Endpoint Antivirus), \u043e\u0442 11.0 \u0434\u043e 11.0.2032.0 (ESET Endpoint Security), \u043e\u0442 10.1 \u0434\u043e 10.1.2063.0 (ESET Endpoint Security), \u043e\u0442 10.0 \u0434\u043e 10.0.2052.0 (ESET Endpoint Security), \u043e\u0442 9.0 \u0434\u043e 9.1.2071.0 (ESET Endpoint Security), \u0434\u043e 8.1.2062.0 (ESET Endpoint Security), \u043e\u0442 10.0 \u0434\u043e 10.0.12015.0 (ESET Server Security for Microsoft Windows Server), \u043e\u0442 9.0 \u0434\u043e 9.0.12019.0 (ESET Server Security for Microsoft Windows Server), \u043e\u0442 8.0 \u0434\u043e 8.0.12016.0 (ESET Server Security for Microsoft Windows Server), \u0434\u043e 7.3.12013.0 (ESET Server Security for Microsoft Windows Server), \u043e\u0442 10.1 \u0434\u043e 10.1.10014.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 10.0 \u0434\u043e 10.0.10018.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 9.0 \u0434\u043e 9.0.10012.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 8.0 \u0434\u043e 8.0.10024.0 (ESET Mail Security for Microsoft Exchange Server), \u0434\u043e 7.3.10018.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 10.0 \u0434\u043e 10.0.14007.0 (ESET Mail Security for IBM Domino), \u043e\u0442 9.0 \u0434\u043e 9.0.14008.0 (ESET Mail Security for IBM Domino), \u043e\u0442 8.0 \u0434\u043e 8.0.14014.0 (ESET Mail Security for IBM Domino), \u0434\u043e 7.3.14006.0 (ESET Mail Security for IBM Domino), \u043e\u0442 10.0 \u0434\u043e 10.0.15005.0 (ESET Security for Microsoft SharePoint Server), \u043e\u0442 9.0 \u0434\u043e 9.0.15006.0 (ESET Security for Microsoft SharePoint Server), \u043e\u0442 8.0 \u0434\u043e 8.0.15012.0 (ESET Security for Microsoft SharePoint Server), \u0434\u043e 7.3.15006.0 (ESET Security for Microsoft SharePoint Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.02.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-01460",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-0353",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus, ESET Endpoint Security, ESET Server Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Microsoft SharePoint Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 ESET, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 (CWE-269)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 ESET \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": null,
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-269",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

CERTFR-2024-AVI-0136

Vulnerability from certfr_avis - Published: 2024-02-15 - Updated: 2024-02-15

Une vulnérabilité a été découverte dans les produits ESET. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ESET	Security	ESET Security pour Microsoft SharePoint Server versions 7.3.x.x antérieures à 7.3.15006.0
ESET	N/A	ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium et ESET Security Ultimate versions antérieures à 17.0.10.0
ESET	Mail Security	ESET Mail Security pour IBM Domino versions 10.0.x.x antérieures à 10.0.14007.0
ESET	Mail Security	ESET Mail Security pour Microsoft Exchange Server versions 10.1.x.x antérieures à 10.1.10014.0
ESET	Security	ESET Security pour Microsoft SharePoint Server versions 9.0.x.x antérieures à 9.0.15006.0
ESET	Mail Security	ESET Mail Security pour IBM Domino versions 7.3.x.x antérieures à 7.3.14006.0
ESET	N/A	ESET Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) versions 10.0.x.x antérieures à 10.0.12015.0
ESET	Mail Security	ESET Mail Security pour IBM Domino versions 8.0.x.x antérieures à 8.0.14014.0
ESET	N/A	ESET Endpoint Antivirus pour Windows et ESET Endpoint Security pour Windows versions 10.1.x.x antérieures à 10.1.2063.0
ESET	N/A	ESET Endpoint Antivirus pour Windows et ESET Endpoint Security pour Windows versions 10.0.x.x antérieures à 10.0.2052.0
ESET	N/A	ESET Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) versions 7.3.x.x antérieures à 7.3.12013.0
ESET	N/A	ESET Endpoint Antivirus pour Windows et ESET Endpoint Security pour Windows versions 8.1.x.x antérieures à 8.1.2062.0
ESET	Mail Security	ESET Mail Security pour Microsoft Exchange Server versions 9.0.x.x antérieures à 9.0.10012.0
ESET	N/A	ESET Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) versions 8.0.x.x antérieures à 8.0.12016.0
ESET	Mail Security	ESET Mail Security pour Microsoft Exchange Server versions 8.0.x.x antérieures à 8.0.10024.0
ESET	Mail Security	ESET Mail Security pour Microsoft Exchange Server versions 7.3.x.x antérieures à 7.3.10018.0
ESET	Security	ESET Security pour Microsoft SharePoint Server versions 8.0.x.x antérieures à 8.0.15012.0
ESET	Security	ESET Security pour Microsoft SharePoint Server versions 10.0.x.x antérieures à 10.0.15005.0
ESET	Mail Security	ESET Mail Security pour Microsoft Exchange Server versions 10.0.x.x antérieures à 10.0.10018.0
ESET	N/A	ESET Endpoint Antivirus pour Windows et ESET Endpoint Security pour Windows versions 9.1.x.x antérieures à 9.1.2071.0
ESET	Mail Security	ESET Mail Security pour IBM Domino versions 9.0.x.x antérieures à 9.0.14008.0
ESET	N/A	ESET Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) versions 9.0.x.x antérieures à 9.0.12019.0
ESET	N/A	ESET Endpoint Antivirus pour Windows et ESET Endpoint Security pour Windows versions 11.0.x.x antérieures à 11.0.2032.0
ESET	File Security	ESET File Security pour Microsoft Azure

References

Title

Publication Time

FKIE_CVE-2024-0353

Vulnerability from fkie_nvd - Published: 2024-02-15 08:15 - Updated: 2025-12-10 20:16

Severity

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

References

URL	Tags
security@eset.com	https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/51351
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/51964

Impacted products

Vendor	Product	Version
eset	endpoint_antivirus	*
eset	endpoint_antivirus	*
eset	endpoint_antivirus	*
eset	endpoint_antivirus	*
eset	endpoint_antivirus	*
eset	endpoint_security	*
eset	endpoint_security	*
eset	endpoint_security	*
eset	endpoint_security	*
eset	endpoint_security	*
eset	file_security	*
eset	internet_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	nod32_antivirus	*
eset	security	*
eset	security	*
eset	security	*
eset	security	*
eset	security	*
eset	server_security	*
eset	server_security	*
eset	server_security	*
eset	server_security	*
eset	smart_security	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "FD0A2DF6-7A58-491C-AEB8-A2E680AC98F1",
              "versionEndExcluding": "8.1.2062.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "05E9177E-5D0F-41ED-8294-DFB89E3876E4",
              "versionEndExcluding": "9.1.2071.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "0B60BF84-00BE-4DB0-8997-743F57416BE4",
              "versionEndExcluding": "10.0.2052.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "0164AE41-F12C-4B0D-8974-D7437BFB06B4",
              "versionEndExcluding": "10.1.2063.0",
              "versionStartIncluding": "10.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "4E612901-DB52-4059-9817-92C60A84BB2C",
              "versionEndExcluding": "11.0.2032.0",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "74C3F07A-2298-4521-BBC0-F2E48BA982F9",
              "versionEndExcluding": "8.1.2062.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B3D79959-D8FE-4F95-A8E8-03308948FC5D",
              "versionEndExcluding": "9.1.2071.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "346C043C-2DE2-490B-A36B-8D0970DFD4B6",
              "versionEndExcluding": "10.0.2052.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "71A365AB-99CA-4FA9-A451-5C96B0A5A7F5",
              "versionEndExcluding": "10.1.2063.0",
              "versionStartIncluding": "10.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "395C3173-EDC0-41D7-85B2-612C4DBD98F0",
              "versionEndExcluding": "11.0.2032.0",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:file_security:*:*:*:*:*:azure:*:*",
              "matchCriteriaId": "1AB25077-C346-4D68-8089-6042BFDA655C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA4D106F-E8B7-43E9-A568-D779AE96128B",
              "versionEndExcluding": "17.0.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*",
              "matchCriteriaId": "130C22A6-09A5-4271-9777-E0104049B549",
              "versionEndExcluding": "7.3.10018.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*",
              "matchCriteriaId": "3907201A-AB03-472D-888E-C2F4263FF142",
              "versionEndExcluding": "7.3.14006.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*",
              "matchCriteriaId": "222094AC-A5B4-4951-8A66-DE4230E2480F",
              "versionEndExcluding": "8.0.10024.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*",
              "matchCriteriaId": "050BA9DE-6985-4833-90C6-60018F521995",
              "versionEndExcluding": "8.0.14014.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*",
              "matchCriteriaId": "FE6862D1-1DC9-492E-B1A7-21DC8F5102C4",
              "versionEndExcluding": "9.0.10012.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*",
              "matchCriteriaId": "EDB3A57E-7B60-4FAC-BE08-DF10CE47C8E2",
              "versionEndExcluding": "9.0.14008.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*",
              "matchCriteriaId": "33552BAC-3DD8-4367-AFD3-ACF6A4B0EC15",
              "versionEndExcluding": "10.0.10018.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*",
              "matchCriteriaId": "45C8E944-C3B4-4AB7-8332-F51821F7C253",
              "versionEndExcluding": "10.0.14007.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*",
              "matchCriteriaId": "AE42F470-97D5-405F-8DDB-58030A8A7339",
              "versionEndExcluding": "10.1.10014.0",
              "versionStartIncluding": "10.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B0F994D-291F-4037-9F38-2ADD30917A1B",
              "versionEndExcluding": "17.0.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*",
              "matchCriteriaId": "B1008F99-C3F2-4D79-A37D-2239E7C5535F",
              "versionEndExcluding": "7.3.15006.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:security:*:*:*:*:ultimate:*:*:*",
              "matchCriteriaId": "F78781C7-AD74-4D14-A955-A0380CE7B73F",
              "versionEndExcluding": "17.0.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*",
              "matchCriteriaId": "732DD0AC-2D36-41E5-9005-3BA04D2BC920",
              "versionEndExcluding": "8.0.15012.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*",
              "matchCriteriaId": "61D23E98-F343-41C8-A9CB-14937455AF7E",
              "versionEndExcluding": "9.0.15006.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*",
              "matchCriteriaId": "EDEE8E3A-1A7B-4DBC-9C2A-6A7E4BB1B9B3",
              "versionEndExcluding": "10.0.15005.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*",
              "matchCriteriaId": "91DE9E8D-6155-42BB-A303-4A31B3A65C49",
              "versionEndExcluding": "7.3.12013.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*",
              "matchCriteriaId": "C2722856-080B-4025-AD29-7B758303F442",
              "versionEndExcluding": "8.0.12016.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*",
              "matchCriteriaId": "BA373E8F-2D94-4EF4-96C4-0306D969EB37",
              "versionEndExcluding": "9.0.12019.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*",
              "matchCriteriaId": "B3A3E72B-98E3-4754-815F-3B3CE57AC8EA",
              "versionEndExcluding": "10.0.12015.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:smart_security:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "1B58F4A8-5BF7-4F3E-8267-E5D43D7AA538",
              "versionEndExcluding": "17.0.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de escalada de privilegios local potencialmente permiti\u00f3 a un atacante hacer un mal uso de las operaciones de archivos de ESET para eliminar archivos sin tener el permiso adecuado."
    }
  ],
  "id": "CVE-2024-0353",
  "lastModified": "2025-12-10T20:16:20.467",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security@eset.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-15T08:15:46.023",
  "references": [
    {
      "source": "security@eset.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/51351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/51964"
    }
  ],
  "sourceIdentifier": "security@eset.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "security@eset.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8M6H-Q36W-XVG7

Vulnerability from github – Published: 2024-02-15 09:30 – Updated: 2025-12-10 21:31

Details

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Severity

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-0353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-15T08:15:46Z",
    "severity": "HIGH"
  },
  "details": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission.",
  "id": "GHSA-8m6h-q36w-xvg7",
  "modified": "2025-12-10T21:31:28Z",
  "published": "2024-02-15T09:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0353"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html"
    },
    {
      "type": "WEB",
      "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/51351"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/51964"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-0353

Vulnerability from gsd - Updated: 2024-01-10 06:02

Details

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Aliases

CVE-2024-0353

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-0353"
      ],
      "details": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission.",
      "id": "GSD-2024-0353",
      "modified": "2024-01-10T06:02:19.995491Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@eset.com",
        "ID": "CVE-2024-0353",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ESET NOD32 Antivirus",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "16.2.15.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Internet Security",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "16.2.15.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Smart Security Premium",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "16.2.15.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Security Ultimate",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "16.2.15.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Endpoint Antivirus for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.1.2058.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Endpoint Security for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.1.2058.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Server Security for Windows Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.0.12014.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Mail Security for Microsoft Exchange Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.1.10010.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Mail Security for IBM Domino",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.0.14006.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Security for Microsoft SharePoint Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.0.15004.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET File Security for Microsoft Azure",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ESET, spol. s r.o."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-269",
                "lang": "eng",
                "value": "CWE-269 Improper Privilege Management"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed",
            "refsource": "MISC",
            "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
          }
        ]
      },
      "source": {
        "advisory": "ca8612",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
          }
        ],
        "id": "CVE-2024-0353",
        "lastModified": "2024-02-15T14:28:31.380",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "security@eset.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-02-15T08:15:46.023",
        "references": [
          {
            "source": "security@eset.com",
            "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
          }
        ],
        "sourceIdentifier": "security@eset.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-269"
              }
            ],
            "source": "security@eset.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

WID-SEC-W-2024-0399

Vulnerability from csaf_certbund - Published: 2024-02-14 23:00 - Updated: 2024-02-14 23:00

Summary

ESET Produkte: Schwachstelle ermöglicht Privilegieneskalation

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: ESET Endpoint Security ist eine mehrschichtige, plattformübergreifende Sicherheitslösung für Clientsysteme. ESET Server Security ist eine Sicherheitslösung für Dateiserver zum Schutz vor z.B. Malware. Eset NOD32 Antivirus ist eine Internet Security Lösung.

Angriff: Ein lokaler Angreifer kann eine Schwachstelle in ESET Endpoint Security, ESET Server Security und ESET NOD32 Antivirus ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme: - Windows

CVE-2024-0353

Es besteht eine Schwachstelle in ESET Endpoint Security, ESET Server Security und ESET NOD32 Antivirus. Dieser Fehler besteht in der Handhabung von Datei-Operationen, die von der Funktion Echtzeit-Dateisystemschutz ausgeführt werden, aufgrund einer unsachgemäßen Zugriffsverwaltung, die es ermöglicht, beliebige Dateien als NT AUTHORITY\SYSTEM zu löschen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern.

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.eset.com/en/ca8612-eset-customer-…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "ESET Endpoint Security ist eine mehrschichtige, plattform\u00fcbergreifende Sicherheitsl\u00f6sung f\u00fcr Clientsysteme.\r\nESET Server Security ist eine Sicherheitsl\u00f6sung f\u00fcr Dateiserver zum Schutz vor z.B. Malware.\r\nEset NOD32 Antivirus ist eine Internet Security L\u00f6sung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in ESET Endpoint Security, ESET Server Security und ESET NOD32 Antivirus ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0399 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0399.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0399 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0399"
      },
      {
        "category": "external",
        "summary": "ESET Customer Advisory 2024-0003 vom 2024-02-14",
        "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
      }
    ],
    "source_lang": "en-US",
    "title": "ESET Produkte: Schwachstelle erm\u00f6glicht Privilegieneskalation",
    "tracking": {
      "current_release_date": "2024-02-14T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:05:19.629+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0399",
      "initial_release_date": "2024-02-14T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-14T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 11.0.2032.0",
                "product": {
                  "name": "ESET Endpoint Security \u003c 11.0.2032.0",
                  "product_id": "T032839"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 10.1.2063.0",
                "product": {
                  "name": "ESET Endpoint Security \u003c 10.1.2063.0",
                  "product_id": "T032840"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 10.0.2052.0",
                "product": {
                  "name": "ESET Endpoint Security \u003c 10.0.2052.0",
                  "product_id": "T032841"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 9.1.2071.0",
                "product": {
                  "name": "ESET Endpoint Security \u003c 9.1.2071.0",
                  "product_id": "T032842"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 8.1.2062.0",
                "product": {
                  "name": "ESET Endpoint Security \u003c 8.1.2062.0",
                  "product_id": "T032843"
                }
              }
            ],
            "category": "product_name",
            "name": "Endpoint Security"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 17.0.10.0",
                "product": {
                  "name": "ESET NOD32 Antivirus \u003c 17.0.10.0",
                  "product_id": "T032848"
                }
              }
            ],
            "category": "product_name",
            "name": "NOD32 Antivirus"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 10.0.12015.0",
                "product": {
                  "name": "ESET Server Security \u003c 10.0.12015.0",
                  "product_id": "T032844"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 9.0.12019.0",
                "product": {
                  "name": "ESET Server Security \u003c 9.0.12019.0",
                  "product_id": "T032845"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 8.0.12016.0",
                "product": {
                  "name": "ESET Server Security \u003c 8.0.12016.0",
                  "product_id": "T032846"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 7.3.12013.0",
                "product": {
                  "name": "ESET Server Security \u003c 7.3.12013.0",
                  "product_id": "T032847"
                }
              }
            ],
            "category": "product_name",
            "name": "Server Security"
          }
        ],
        "category": "vendor",
        "name": "ESET"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0353",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in ESET Endpoint Security, ESET Server Security und ESET NOD32 Antivirus. Dieser Fehler besteht in der Handhabung von Datei-Operationen, die von der Funktion Echtzeit-Dateisystemschutz ausgef\u00fchrt werden, aufgrund einer unsachgem\u00e4\u00dfen Zugriffsverwaltung, die es erm\u00f6glicht, beliebige Dateien als NT AUTHORITY\\SYSTEM zu l\u00f6schen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "release_date": "2024-02-14T23:00:00.000+00:00",
      "title": "CVE-2024-0353"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-0353 (GCVE-0-2024-0353)

BDU:2024-01460

CERTFR-2024-AVI-0136

Solution

FKIE_CVE-2024-0353

GHSA-8M6H-Q36W-XVG7

GSD-2024-0353

WID-SEC-W-2024-0399

Tags

Sightings

Nomenclature