Japan Vulnerability NotesJVN:95898697JVN#95898697: Multiple ESET products for macOS vulnerable to improper server certificate verification
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.1%
Multiple ESET products for macOS are vulnerable to improper server certificate verification (CWE-295).
Impact
A man-in-the-middle attack may allow an attacker to alter the data received by the affected products.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following versions that address the vulnerability.
- ESET Cyber Security 6.4.128.0 (released on February 13, 2017)
- ESET Cyber Security Pro 6.4.128.0 (released on February 13, 2017)
- ESET Endpoint Antivirus for macOS 6.4.168.0 (released on February 14, 2017)
- ESET Endpoint Security for macOS 6.4.168.0 (released on February 14, 2017)
Products Affected
- ESET Cyber Security 6.1.x to 6.3.70.1
- ESET Cyber Security Pro 6.1.x to 6.3.70.1
- ESET Endpoint Antivirus for macOS 6.0.x to 6.3.85.1
- ESET Endpoint Security for macOS 6.0.x to 6.3.85.1
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.1%