CVE-2024-0353

EPSS 0.1%
Veröffentlicht 15.02.2024 08:15:46
Zuletzt bearbeitet 23.01.2025 17:18:06
Quelle security@eset.com
Teams Watchlist Login
Unerledigt Login

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eset ≫ Endpoint Antivirus SwPlatformwindows Version < 8.1.2062.0

Eset ≫ Endpoint Antivirus SwPlatformwindows Version >= 9.0 < 9.1.2071.0

Eset ≫ Endpoint Antivirus SwPlatformwindows Version >= 10.0 < 10.0.2052.0

Eset ≫ Endpoint Antivirus SwPlatformwindows Version >= 10.1 < 10.1.2063.0

Eset ≫ Endpoint Antivirus SwPlatformwindows Version >= 11.0 < 11.0.2032.0

Eset ≫ Endpoint Security SwPlatformwindows Version < 8.1.2062.0

Eset ≫ Endpoint Security SwPlatformwindows Version >= 9.0 < 9.1.2071.0

Eset ≫ Endpoint Security SwPlatformwindows Version >= 10.0 < 10.0.2052.0

Eset ≫ Endpoint Security SwPlatformwindows Version >= 10.1 < 10.1.2063.0

Eset ≫ Endpoint Security SwPlatformwindows Version >= 11.0 < 11.0.2032.0

Eset ≫ File Security SwPlatformazure

Eset ≫ Internet Security Version < 17.0.10.0

Eset ≫ Mail Security SwPlatformexchange_server Version < 7.3.10018.0

Eset ≫ Mail Security SwPlatformdomino Version < 7.3.14006.0

Eset ≫ Mail Security SwPlatformexchange_server Version >= 8.0 < 8.0.10024.0

Eset ≫ Mail Security SwPlatformdomino Version >= 8.0 < 8.0.14014.0

Eset ≫ Mail Security SwPlatformexchange_server Version >= 9.0 < 9.0.10012.0

Eset ≫ Mail Security SwPlatformdomino Version >= 9.0 < 9.0.14008.0

Eset ≫ Mail Security SwPlatformexchange_server Version >= 10.0 < 10.0.10018.0

Eset ≫ Mail Security SwPlatformdomino Version >= 10.0 < 10.0.14007.0

Eset ≫ Mail Security SwPlatformexchange_server Version >= 10.1 < 10.1.10014.0

Eset ≫ Nod32 Antivirus Version < 17.0.10.0

Eset ≫ Security SwPlatformsharepoint_server Version < 7.3.15006.0

Eset ≫ Security SwEditionultimate Version < 17.0.10.0

Eset ≫ Security SwPlatformsharepoint_server Version >= 8.0 < 8.0.15012.0

Eset ≫ Security SwPlatformsharepoint_server Version >= 9.0 < 9.0.15006.0

Eset ≫ Security SwPlatformsharepoint_server Version >= 10.0 < 10.0.15005.0

Eset ≫ Server Security SwPlatformwindows_server Version < 7.3.12013.0

Eset ≫ Server Security SwPlatformwindows_server Version >= 8.0 < 8.0.12016.0

Eset ≫ Server Security SwPlatformwindows_server Version >= 9.0 < 9.0.12019.0

Eset ≫ Server Security SwPlatformwindows_server Version >= 10.0 < 10.0.12015.0

Eset ≫ Smart Security SwEditionpremium Version < 17.0.10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.287

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@eset.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed

Vendor Advisory

https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html

Broken Link

https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2024-0353

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0353

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0353

EUVD