Lucene search

K
nvd[email protected]NVD:CVE-2016-9892
HistoryMar 02, 2017 - 11:59 p.m.

CVE-2016-9892

2017-03-0223:59:00
CWE-295
web.nvd.nist.gov
9

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

8

Confidence

High

EPSS

0.008

Percentile

82.2%

The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.

Affected configurations

Nvd
Node
esetendpoint_antivirusMatch6.3.70.1macos
OR
esetendpoint_securityMatch6.3.70.1macos
VendorProductVersionCPE
esetendpoint_antivirus6.3.70.1cpe:2.3:a:eset:endpoint_antivirus:6.3.70.1:*:*:*:*:macos:*:*
esetendpoint_security6.3.70.1cpe:2.3:a:eset:endpoint_security:6.3.70.1:*:*:*:*:macos:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

8

Confidence

High

EPSS

0.008

Percentile

82.2%