CVE-2024-7400 (GCVE-0-2024-7400)
Vulnerability from cvelistv5 – Published: 2024-09-27 07:02 – Updated: 2024-09-27 18:54
VLAI?
Summary
The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.
Severity ?
CWE
- CWE-1386 - Insecure Operation on Windows Junction / Mount Point
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*",
"cpe:2.3:a:eset:safe_server:-:*:*:*:*:*:*:*",
"cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*",
"cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*",
"cpe:2.3:a:eset:small_business_security:*:*:*:*:*:*:*:*",
"cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*",
"cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*",
"cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:*:*:*",
"cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*",
"cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*",
"cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*",
"cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*",
"cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*"
],
"defaultStatus": "unaffected",
"product": "mail_security",
"vendor": "eset",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T17:57:43.358687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T18:54:39.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET NOD32 Antivirus",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET Internet Security",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET Smart Security Premium",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET Security Ultimate",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET Small Business Security",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET Safe Server",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET Endpoint Antivirus",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET Endpoint Security for Windows",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET Server Security for Windows Server",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET Mail Security for Microsoft Exchange Server",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET Mail Security for IBM Domino",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET Security for Microsoft SharePoint Server",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cleaner module"
],
"product": "ESET File Security for Microsoft Azure",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "1250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-09-20T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.\u003c/span\u003e"
}
],
"value": "The vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1386",
"description": "CWE-1386 Insecure Operation on Windows Junction / Mount Point",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T07:02:28.931Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows"
}
],
"source": {
"advisory": "ca8726",
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation in ESET products for Windows",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2024-7400",
"datePublished": "2024-09-27T07:02:28.931Z",
"dateReserved": "2024-08-02T07:12:41.358Z",
"dateUpdated": "2024-09-27T18:54:39.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"The vulnerability potentially allowed an attacker to misuse ESET\\u2019s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad potencialmente permiti\\u00f3 a un atacante hacer un mal uso de las operaciones de archivos de ESET durante la eliminaci\\u00f3n de un archivo detectado en el sistema operativo Windows para eliminar archivos sin tener los permisos adecuados para hacerlo.\"}]",
"id": "CVE-2024-7400",
"lastModified": "2024-09-30T12:46:20.237",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"security@eset.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}]}",
"published": "2024-09-27T07:15:03.387",
"references": "[{\"url\": \"https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows\", \"source\": \"security@eset.com\"}]",
"sourceIdentifier": "security@eset.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security@eset.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1386\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-7400\",\"sourceIdentifier\":\"security@eset.com\",\"published\":\"2024-09-27T07:15:03.387\",\"lastModified\":\"2024-09-30T12:46:20.237\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad potencialmente permiti\u00f3 a un atacante hacer un mal uso de las operaciones de archivos de ESET durante la eliminaci\u00f3n de un archivo detectado en el sistema operativo Windows para eliminar archivos sin tener los permisos adecuados para hacerlo.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@eset.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security@eset.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1386\"}]}],\"references\":[{\"url\":\"https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows\",\"source\":\"security@eset.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7400\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-27T17:57:43.358687Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*\", \"cpe:2.3:a:eset:safe_server:-:*:*:*:*:*:*:*\", \"cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*\", \"cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*\", \"cpe:2.3:a:eset:small_business_security:*:*:*:*:*:*:*:*\", \"cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*\", \"cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*\", \"cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:*:*:*\", \"cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*\", \"cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*\", \"cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*\", \"cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*\", \"cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*\"], \"vendor\": \"eset\", \"product\": \"mail_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-27T18:54:31.575Z\"}}], \"cna\": {\"title\": \"Local privilege escalation in ESET products for Windows\", \"source\": {\"advisory\": \"ca8726\", \"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.5, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET NOD32 Antivirus\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET Internet Security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET Smart Security Premium\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET Security Ultimate\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET Small Business Security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET Safe Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET Endpoint Antivirus\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET Endpoint Security for Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET Server Security for Windows Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET Mail Security for Microsoft Exchange Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET Mail Security for IBM Domino\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET Security for Microsoft SharePoint Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"modules\": [\"Cleaner module\"], \"product\": \"ESET File Security for Microsoft Azure\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1250\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-09-20T10:00:00.000Z\", \"references\": [{\"url\": \"https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The vulnerability potentially allowed an attacker to misuse ESET\\u2019s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe vulnerability potentially allowed an attacker to misuse ESET\\u2019s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1386\", \"description\": \"CWE-1386 Insecure Operation on Windows Junction / Mount Point\"}]}], \"providerMetadata\": {\"orgId\": \"4a9b9929-2450-4021-b7b9-469a0255b215\", \"shortName\": \"ESET\", \"dateUpdated\": \"2024-09-27T07:02:28.931Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-7400\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-27T18:54:39.099Z\", \"dateReserved\": \"2024-08-02T07:12:41.358Z\", \"assignerOrgId\": \"4a9b9929-2450-4021-b7b9-469a0255b215\", \"datePublished\": \"2024-09-27T07:02:28.931Z\", \"assignerShortName\": \"ESET\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…