Vulnerability-Lookup

BDU:2024-01460

Vulnerability from fstec - Published: 14.02.2024

Title

Уязвимость обработчика операций с файлами программного обеспечения антивирусных программных продуктов ESET, позволяющая нарушителю удалять произвольные файлы в системе

Description

Уязвимость обработчика операций с файлами программного обеспечения антивирусных программных продуктов ESET связана с ошибками при управлении привилегиями. Эксплуатация уязвимости может позволить нарушителю удалять произвольные файлы в системе

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

ESET Software

Software Name

ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus, ESET Endpoint Security, ESET Server Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Microsoft SharePoint Server

Software Version

до 17.0.10.0 (ESET NOD32 Antivirus), до 17.0.10.0 (ESET Internet Security), до 17.0.10.0 (ESET Smart Security Premium), до 17.0.10.0 (ESET Security Ultimate), от 11.0 до 11.0.2032.0 (ESET Endpoint Antivirus), от 10.1 до 10.1.2063.0 (ESET Endpoint Antivirus), от 10.0 до 10.0.2052.0 (ESET Endpoint Antivirus), от 9.0 до 9.1.2071.0 (ESET Endpoint Antivirus), до 8.1.2062.0 (ESET Endpoint Antivirus), от 11.0 до 11.0.2032.0 (ESET Endpoint Security), от 10.1 до 10.1.2063.0 (ESET Endpoint Security), от 10.0 до 10.0.2052.0 (ESET Endpoint Security), от 9.0 до 9.1.2071.0 (ESET Endpoint Security), до 8.1.2062.0 (ESET Endpoint Security), от 10.0 до 10.0.12015.0 (ESET Server Security for Microsoft Windows Server), от 9.0 до 9.0.12019.0 (ESET Server Security for Microsoft Windows Server), от 8.0 до 8.0.12016.0 (ESET Server Security for Microsoft Windows Server), до 7.3.12013.0 (ESET Server Security for Microsoft Windows Server), от 10.1 до 10.1.10014.0 (ESET Mail Security for Microsoft Exchange Server), от 10.0 до 10.0.10018.0 (ESET Mail Security for Microsoft Exchange Server), от 9.0 до 9.0.10012.0 (ESET Mail Security for Microsoft Exchange Server), от 8.0 до 8.0.10024.0 (ESET Mail Security for Microsoft Exchange Server), до 7.3.10018.0 (ESET Mail Security for Microsoft Exchange Server), от 10.0 до 10.0.14007.0 (ESET Mail Security for IBM Domino), от 9.0 до 9.0.14008.0 (ESET Mail Security for IBM Domino), от 8.0 до 8.0.14014.0 (ESET Mail Security for IBM Domino), до 7.3.14006.0 (ESET Mail Security for IBM Domino), от 10.0 до 10.0.15005.0 (ESET Security for Microsoft SharePoint Server), от 9.0 до 9.0.15006.0 (ESET Security for Microsoft SharePoint Server), от 8.0 до 8.0.15012.0 (ESET Security for Microsoft SharePoint Server), до 7.3.15006.0 (ESET Security for Microsoft SharePoint Server)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - минимизация пользовательских привилегий; - отключение/удаление неиспользуемых учётных записей пользователей. Использование рекомендаций производителя: https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed

Reference

None

CWE

CWE-269

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "ESET Software",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 17.0.10.0 (ESET NOD32 Antivirus), \u0434\u043e 17.0.10.0 (ESET Internet Security), \u0434\u043e 17.0.10.0 (ESET Smart Security Premium), \u0434\u043e 17.0.10.0 (ESET Security Ultimate), \u043e\u0442 11.0 \u0434\u043e 11.0.2032.0 (ESET Endpoint Antivirus), \u043e\u0442 10.1 \u0434\u043e 10.1.2063.0 (ESET Endpoint Antivirus), \u043e\u0442 10.0 \u0434\u043e 10.0.2052.0 (ESET Endpoint Antivirus), \u043e\u0442 9.0 \u0434\u043e 9.1.2071.0 (ESET Endpoint Antivirus), \u0434\u043e 8.1.2062.0 (ESET Endpoint Antivirus), \u043e\u0442 11.0 \u0434\u043e 11.0.2032.0 (ESET Endpoint Security), \u043e\u0442 10.1 \u0434\u043e 10.1.2063.0 (ESET Endpoint Security), \u043e\u0442 10.0 \u0434\u043e 10.0.2052.0 (ESET Endpoint Security), \u043e\u0442 9.0 \u0434\u043e 9.1.2071.0 (ESET Endpoint Security), \u0434\u043e 8.1.2062.0 (ESET Endpoint Security), \u043e\u0442 10.0 \u0434\u043e 10.0.12015.0 (ESET Server Security for Microsoft Windows Server), \u043e\u0442 9.0 \u0434\u043e 9.0.12019.0 (ESET Server Security for Microsoft Windows Server), \u043e\u0442 8.0 \u0434\u043e 8.0.12016.0 (ESET Server Security for Microsoft Windows Server), \u0434\u043e 7.3.12013.0 (ESET Server Security for Microsoft Windows Server), \u043e\u0442 10.1 \u0434\u043e 10.1.10014.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 10.0 \u0434\u043e 10.0.10018.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 9.0 \u0434\u043e 9.0.10012.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 8.0 \u0434\u043e 8.0.10024.0 (ESET Mail Security for Microsoft Exchange Server), \u0434\u043e 7.3.10018.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 10.0 \u0434\u043e 10.0.14007.0 (ESET Mail Security for IBM Domino), \u043e\u0442 9.0 \u0434\u043e 9.0.14008.0 (ESET Mail Security for IBM Domino), \u043e\u0442 8.0 \u0434\u043e 8.0.14014.0 (ESET Mail Security for IBM Domino), \u0434\u043e 7.3.14006.0 (ESET Mail Security for IBM Domino), \u043e\u0442 10.0 \u0434\u043e 10.0.15005.0 (ESET Security for Microsoft SharePoint Server), \u043e\u0442 9.0 \u0434\u043e 9.0.15006.0 (ESET Security for Microsoft SharePoint Server), \u043e\u0442 8.0 \u0434\u043e 8.0.15012.0 (ESET Security for Microsoft SharePoint Server), \u0434\u043e 7.3.15006.0 (ESET Security for Microsoft SharePoint Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.02.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-01460",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-0353",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus, ESET Endpoint Security, ESET Server Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Microsoft SharePoint Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 ESET, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 (CWE-269)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 ESET \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": null,
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-269",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

CVE-2024-0353 (GCVE-0-2024-0353)

Vulnerability from cvelistv5 – Published: 2024-02-15 07:40 – Updated: 2025-12-10 19:33

Title

Local privilege escalation in Windows products

Summary

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-269 - Improper Privilege Management

Assigner

ESET

References

URL

Tags

https://support.eset.com/en/ca8612-eset-customer-…

Impacted products

Vendor

Product

Version

ESET, spol. s r.o.

ESET NOD32 Antivirus

Affected: 0 , ≤ 16.2.15.0 (custom)

ESET, spol. s r.o.	ESET Internet Security	Affected: 0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Smart Security Premium	Affected: 0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Security Ultimate	Affected: 0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Endpoint Antivirus for Windows	Affected: 0 , ≤ 10.1.2058.0 (custom) Affected: 0 , ≤ 10.0.2049.0 (custom) Affected: 0 , ≤ 9.1.2066.0 (custom) Affected: 0 , ≤ 8.1.2052.0 (custom)
ESET, spol. s r.o.	ESET Endpoint Security for Windows	Affected: 0 , ≤ 10.1.2058.0 (custom) Affected: 0 , ≤ 10.0.2049.0 (custom) Affected: 0 , ≤ 9.1.2066.0 (custom) Affected: 0 , ≤ 8.1.2052.0 (custom)
ESET, spol. s r.o.	ESET Server Security for Windows Server	Affected: 0 , ≤ 10.0.12014.0 (custom) Affected: 0 , ≤ 9.0.12018.0 (custom) Affected: 0 , ≤ 8.0.12015.0 (custom) Affected: 0 , ≤ 7.3.12011.0 (custom)
ESET, spol. s r.o.	ESET Mail Security for Microsoft Exchange Server	Affected: 0 , ≤ 10.1.10010.0 (custom) Affected: 0 , ≤ 10.0.10017.0 (custom) Affected: 0 , ≤ 9.0.10011.0 (custom) Affected: 0 , ≤ 8.0.10022.0 (custom) Affected: 0 , ≤ 7.3.10014.0 (custom)
ESET, spol. s r.o.	ESET Mail Security for IBM Domino	Affected: 0 , ≤ 10.0.14006.0 (custom) Affected: 0 , ≤ 9.0.14007.0 (custom) Affected: 0 , ≤ 8.0.14010.0 (custom) Affected: 0 , ≤ 7.3.14004.0 (custom)
ESET, spol. s r.o.	ESET Security for Microsoft SharePoint Server	Affected: 0 , ≤ 10.0.15004.0 (custom) Affected: 0 , ≤ 9.0.15005.0 (custom) Affected: 0 , ≤ 8.0.15011.0 (custom) Affected: 0 , ≤ 7.3.15004.0 (custom)
ESET, spol. s r.o.	ESET File Security for Microsoft Azure	Affected: 0 , ≤ all versions (custom)

Date Public ?

2024-02-14 11:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-10T19:33:58.732Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html"
          },
          {
            "url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html"
          },
          {
            "url": "https://www.exploit-db.com/exploits/51351"
          },
          {
            "url": "https://www.exploit-db.com/exploits/51964"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nod32_antivirus",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "internet_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smart_security_premium",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "security_ultimate",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_antivirus",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.1.2058.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.1.2058.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "server_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.0.12014.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mail_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.1.10010.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mail_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.0.14006.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.0.15004.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "file_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-20T19:22:48.853538Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-20T19:53:00.534Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ESET NOD32 Antivirus",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Internet Security",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Smart Security Premium",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Security Ultimate",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Endpoint Antivirus for Windows",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.1.2058.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.2049.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.1.2066.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.1.2052.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Endpoint Security for Windows",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.1.2058.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.2049.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.1.2066.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.1.2052.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Server Security for Windows Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.0.12014.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.12018.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.12015.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.12011.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Mail Security for Microsoft Exchange Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.1.10010.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.10017.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.10011.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.10022.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.10014.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Mail Security for IBM Domino",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.0.14006.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.14007.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.14010.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.14004.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Security for Microsoft SharePoint Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.0.15004.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.15005.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.15011.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.15004.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET File Security for Microsoft Azure",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "all versions",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-02-14T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
            }
          ],
          "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-15T07:40:24.786Z",
        "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "shortName": "ESET"
      },
      "references": [
        {
          "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
        }
      ],
      "source": {
        "advisory": "ca8612",
        "discovery": "UNKNOWN"
      },
      "title": "Local privilege escalation in Windows products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
    "assignerShortName": "ESET",
    "cveId": "CVE-2024-0353",
    "datePublished": "2024-02-15T07:40:24.786Z",
    "dateReserved": "2024-01-09T14:21:58.755Z",
    "dateUpdated": "2025-12-10T19:33:58.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-01460

CVE-2024-0353 (GCVE-0-2024-0353)

Tags

Sightings

Nomenclature