Lucene search

ESETVULNRICHMENT:CVE-2024-2003

HistoryJun 21, 2024 - 7:20 a.m.

CVE-2024-2003 Local Privilege Escalation in Quarantine of ESET products for Windows

2024-06-2107:20:03

CWE-269

ESET

github.com

cve-2024-2003

local privilege escalation

eset products

windows

quarantine

file operations

restore operation

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Local privilege escalation vulnerability allowed an attacker to misuse ESET’s file operations during a restore operation from quarantine.

CNA Affected

[
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET NOD32 Antivirus",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET Internet Security",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET Smart Security Premium",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET Security Ultimate",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET Small Business Security",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET Safe Server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET Endpoint Antivirus for Windows",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET Endpoint Security for Windows",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET Server Security for Windows Server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET Mail Security for Microsoft Exchange Server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET Mail Security for IBM Domino",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET Security for Microsoft SharePoint Server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "ESET, spol. s r.o.",
    "modules": [
      "Antivirus and antispyware scanner module"
    ],
    "product": "ESET File Security for Microsoft Azure",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1610",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

support.eset.com/ca8674

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-2003