CVE-2024-0353

EUVD-2024-16149
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ESETCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
esetendpoint_antivirus
𝑥
< 8.1.2062.0
esetendpoint_antivirus
9.0 ≤
𝑥
< 9.1.2071.0
esetendpoint_antivirus
10.0 ≤
𝑥
< 10.0.2052.0
esetendpoint_antivirus
10.1 ≤
𝑥
< 10.1.2063.0
esetendpoint_antivirus
11.0 ≤
𝑥
< 11.0.2032.0
esetendpoint_security
𝑥
< 8.1.2062.0
esetendpoint_security
9.0 ≤
𝑥
< 9.1.2071.0
esetendpoint_security
10.0 ≤
𝑥
< 10.0.2052.0
esetendpoint_security
10.1 ≤
𝑥
< 10.1.2063.0
esetendpoint_security
11.0 ≤
𝑥
< 11.0.2032.0
esetfile_security
*
esetinternet_security
𝑥
< 17.0.10.0
esetmail_security
𝑥
< 7.3.10018.0
esetmail_security
𝑥
< 7.3.14006.0
esetmail_security
8.0 ≤
𝑥
< 8.0.10024.0
esetmail_security
8.0 ≤
𝑥
< 8.0.14014.0
esetmail_security
9.0 ≤
𝑥
< 9.0.10012.0
esetmail_security
9.0 ≤
𝑥
< 9.0.14008.0
esetmail_security
10.0 ≤
𝑥
< 10.0.10018.0
esetmail_security
10.0 ≤
𝑥
< 10.0.14007.0
esetmail_security
10.1 ≤
𝑥
< 10.1.10014.0
esetnod32_antivirus
𝑥
< 17.0.10.0
esetsecurity
𝑥
< 7.3.15006.0
esetsecurity
𝑥
< 17.0.10.0
esetsecurity
8.0 ≤
𝑥
< 8.0.15012.0
esetsecurity
9.0 ≤
𝑥
< 9.0.15006.0
esetsecurity
10.0 ≤
𝑥
< 10.0.15005.0
esetserver_security
𝑥
< 7.3.12013.0
esetserver_security
8.0 ≤
𝑥
< 8.0.12016.0
esetserver_security
9.0 ≤
𝑥
< 9.0.12019.0
esetserver_security
10.0 ≤
𝑥
< 10.0.12015.0
esetsmart_security
𝑥
< 17.0.10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed
https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html
https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html
https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed
https://www.exploit-db.com/exploits/51351
https://www.exploit-db.com/exploits/51964