certfr_avis - certfr-2024-avi-0079

CERTFR-2024-AVI-0079

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans les produits ESET. Elle permet à un attaquant de provoquer une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ESET	N/A	ESET Endpoint Security et ESET Endpoint Antivirus versions antérieures à 11.0.2032.x
ESET	Mail Security	ESET Mail Security pour Microsoft Exchange Server versions antérieures à 10.1.10014.0
ESET	N/A	ESET NOD32 Antivirus, ESET Internet Security et ESET Smart Security Premium versions antérieures à 17.0.15.0

References

Title

Publication Time

CVE-2023-7043 (GCVE-0-2023-7043)

Vulnerability from cvelistv5 – Published: 2024-01-31 12:51 – Updated: 2024-10-17 17:54

Summary

Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-428 - Unquoted Search Path or Element

Assigner

ESET

References

URL

Tags

https://support.eset.com/en/ca8602

Impacted products

Vendor

Product

Version

ESET, spol. s r.o.

ESET Endpoint Security

Affected: 10.1.2046.x , ≤ 10.1.2063.x (custom)

ESET, spol. s r.o.	ESET Endpoint Antivirus	Affected: 10.1.2046.x , ≤ 10.1.2063.x (custom)
ESET, spol. s r.o.	ESET NOD32 Antivirus	Affected: 16.1.14.0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Internet Security	Affected: 16.1.14.0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Smart Security Premium	Affected: 16.1.14.0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Mail Security for Microsoft Exchange Server	Affected: 10.1.10012.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:50:07.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.eset.com/en/ca8602"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7043",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-31T15:52:23.258496Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T17:54:28.120Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ESET Endpoint Security",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.1.2063.x",
              "status": "affected",
              "version": "10.1.2046.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Endpoint Antivirus",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.1.2063.x",
              "status": "affected",
              "version": "10.1.2046.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET NOD32 Antivirus",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "16.1.14.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Internet Security",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "16.1.14.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Smart Security Premium",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "16.1.14.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Mail Security for Microsoft Exchange Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.10012.0"
            }
          ]
        }
      ],
      "datePublic": "2024-01-26T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unquoted service path in ESET products allows to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edrop a prepared program to a specific location\u003c/span\u003e\u0026nbsp;and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erun on boot with \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe \n\nNT AUTHORITY\\NetworkService\u0026nbsp;permissions.\u003c/span\u003e"
            }
          ],
          "value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428 Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T12:52:10.301Z",
        "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "shortName": "ESET"
      },
      "references": [
        {
          "url": "https://support.eset.com/en/ca8602"
        }
      ],
      "source": {
        "advisory": "ca8602",
        "discovery": "UNKNOWN"
      },
      "title": "Unquoted path privilege vulnerability in ESET products for Windows",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
    "assignerShortName": "ESET",
    "cveId": "CVE-2023-7043",
    "datePublished": "2024-01-31T12:51:38.253Z",
    "dateReserved": "2023-12-21T12:14:56.731Z",
    "dateUpdated": "2024-10-17T17:54:28.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted