Vulnerability-Lookup

CVE-2024-0353 (GCVE-0-2024-0353)

Vulnerability from cvelistv5 – Published: 2024-02-15 07:40 – Updated: 2025-12-10 19:33

Title

Local privilege escalation in Windows products

Summary

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-269 - Improper Privilege Management

Assigner

ESET

References

URL

Tags

https://support.eset.com/en/ca8612-eset-customer-…

Impacted products

Vendor

Product

Version

ESET, spol. s r.o.

ESET NOD32 Antivirus

Affected: 0 , ≤ 16.2.15.0 (custom)

ESET, spol. s r.o.	ESET Internet Security	Affected: 0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Smart Security Premium	Affected: 0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Security Ultimate	Affected: 0 , ≤ 16.2.15.0 (custom)
ESET, spol. s r.o.	ESET Endpoint Antivirus for Windows	Affected: 0 , ≤ 10.1.2058.0 (custom) Affected: 0 , ≤ 10.0.2049.0 (custom) Affected: 0 , ≤ 9.1.2066.0 (custom) Affected: 0 , ≤ 8.1.2052.0 (custom)
ESET, spol. s r.o.	ESET Endpoint Security for Windows	Affected: 0 , ≤ 10.1.2058.0 (custom) Affected: 0 , ≤ 10.0.2049.0 (custom) Affected: 0 , ≤ 9.1.2066.0 (custom) Affected: 0 , ≤ 8.1.2052.0 (custom)
ESET, spol. s r.o.	ESET Server Security for Windows Server	Affected: 0 , ≤ 10.0.12014.0 (custom) Affected: 0 , ≤ 9.0.12018.0 (custom) Affected: 0 , ≤ 8.0.12015.0 (custom) Affected: 0 , ≤ 7.3.12011.0 (custom)
ESET, spol. s r.o.	ESET Mail Security for Microsoft Exchange Server	Affected: 0 , ≤ 10.1.10010.0 (custom) Affected: 0 , ≤ 10.0.10017.0 (custom) Affected: 0 , ≤ 9.0.10011.0 (custom) Affected: 0 , ≤ 8.0.10022.0 (custom) Affected: 0 , ≤ 7.3.10014.0 (custom)
ESET, spol. s r.o.	ESET Mail Security for IBM Domino	Affected: 0 , ≤ 10.0.14006.0 (custom) Affected: 0 , ≤ 9.0.14007.0 (custom) Affected: 0 , ≤ 8.0.14010.0 (custom) Affected: 0 , ≤ 7.3.14004.0 (custom)
ESET, spol. s r.o.	ESET Security for Microsoft SharePoint Server	Affected: 0 , ≤ 10.0.15004.0 (custom) Affected: 0 , ≤ 9.0.15005.0 (custom) Affected: 0 , ≤ 8.0.15011.0 (custom) Affected: 0 , ≤ 7.3.15004.0 (custom)
ESET, spol. s r.o.	ESET File Security for Microsoft Azure	Affected: 0 , ≤ all versions (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-10T19:33:58.732Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html"
          },
          {
            "url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html"
          },
          {
            "url": "https://www.exploit-db.com/exploits/51351"
          },
          {
            "url": "https://www.exploit-db.com/exploits/51964"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nod32_antivirus",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "internet_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smart_security_premium",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "security_ultimate",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "16.2.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_antivirus",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.1.2058.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.1.2058.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "server_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.0.12014.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mail_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.1.10010.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mail_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.0.14006.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "10.0.15004.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "file_security",
            "vendor": "eset",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-20T19:22:48.853538Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-20T19:53:00.534Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ESET NOD32 Antivirus",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Internet Security",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Smart Security Premium",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Security Ultimate",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "16.2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Endpoint Antivirus for Windows",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.1.2058.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.2049.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.1.2066.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.1.2052.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Endpoint Security for Windows",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.1.2058.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.2049.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.1.2066.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.1.2052.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Server Security for Windows Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.0.12014.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.12018.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.12015.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.12011.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Mail Security for Microsoft Exchange Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.1.10010.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.10017.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.10011.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.10022.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.10014.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Mail Security for IBM Domino",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.0.14006.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.14007.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.14010.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.14004.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET Security for Microsoft SharePoint Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "10.0.15004.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0.15005.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.15011.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.3.15004.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ESET File Security for Microsoft Azure",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "lessThanOrEqual": "all versions",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-02-14T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
            }
          ],
          "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-15T07:40:24.786Z",
        "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "shortName": "ESET"
      },
      "references": [
        {
          "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
        }
      ],
      "source": {
        "advisory": "ca8612",
        "discovery": "UNKNOWN"
      },
      "title": "Local privilege escalation in Windows products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
    "assignerShortName": "ESET",
    "cveId": "CVE-2024-0353",
    "datePublished": "2024-02-15T07:40:24.786Z",
    "dateReserved": "2024-01-09T14:21:58.755Z",
    "dateUpdated": "2025-12-10T19:33:58.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html\"}, {\"url\": \"https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html\"}, {\"url\": \"https://www.exploit-db.com/exploits/51351\"}, {\"url\": \"https://www.exploit-db.com/exploits/51964\"}, {\"url\": \"https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed\", \"tags\": [\"x_transferred\"]}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-12-10T19:33:58.732Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0353\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-20T19:22:48.853538Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*\"], \"vendor\": \"eset\", \"product\": \"nod32_antivirus\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*\"], \"vendor\": \"eset\", \"product\": \"internet_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*\"], \"vendor\": \"eset\", \"product\": \"smart_security_premium\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*\"], \"vendor\": \"eset\", \"product\": \"security_ultimate\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*\"], \"vendor\": \"eset\", \"product\": \"endpoint_antivirus\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.2058.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*\"], \"vendor\": \"eset\", \"product\": \"endpoint_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.2058.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*\"], \"vendor\": \"eset\", \"product\": \"server_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.12014.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*\"], \"vendor\": \"eset\", \"product\": \"mail_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.10010.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*\"], \"vendor\": \"eset\", \"product\": \"mail_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.14006.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*\"], \"vendor\": \"eset\", \"product\": \"security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.15004.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*\"], \"vendor\": \"eset\", \"product\": \"file_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"*\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-20T19:52:39.580Z\"}}], \"cna\": {\"title\": \"Local privilege escalation in Windows products\", \"source\": {\"advisory\": \"ca8612\", \"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET NOD32 Antivirus\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Internet Security\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Smart Security Premium\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Security Ultimate\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"16.2.15.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Endpoint Antivirus for Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.2058.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.2049.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.1.2066.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.1.2052.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Endpoint Security for Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.2058.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.2049.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.1.2066.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.1.2052.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Server Security for Windows Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.12014.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0.12018.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.12015.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.3.12011.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Mail Security for Microsoft Exchange Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.10010.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.10017.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0.10011.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.10022.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.3.10014.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Mail Security for IBM Domino\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.14006.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0.14007.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.14010.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.3.14004.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET Security for Microsoft SharePoint Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0.15004.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0.15005.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.15011.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.3.15004.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ESET, spol. s r.o.\", \"product\": \"ESET File Security for Microsoft Azure\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"all versions\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-02-14T11:00:00.000Z\", \"references\": [{\"url\": \"https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\\u2019s file operations to delete files without having proper permission.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\\u2019s file operations to delete files without having proper permission.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"4a9b9929-2450-4021-b7b9-469a0255b215\", \"shortName\": \"ESET\", \"dateUpdated\": \"2024-02-15T07:40:24.786Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-0353\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-10T19:33:58.732Z\", \"dateReserved\": \"2024-01-09T14:21:58.755Z\", \"assignerOrgId\": \"4a9b9929-2450-4021-b7b9-469a0255b215\", \"datePublished\": \"2024-02-15T07:40:24.786Z\", \"assignerShortName\": \"ESET\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GSD-2024-0353

Vulnerability from gsd - Updated: 2024-01-10 06:02

Details

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Aliases

CVE-2024-0353

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-0353"
      ],
      "details": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission.",
      "id": "GSD-2024-0353",
      "modified": "2024-01-10T06:02:19.995491Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@eset.com",
        "ID": "CVE-2024-0353",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ESET NOD32 Antivirus",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "16.2.15.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Internet Security",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "16.2.15.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Smart Security Premium",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "16.2.15.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Security Ultimate",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "16.2.15.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Endpoint Antivirus for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.1.2058.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Endpoint Security for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.1.2058.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Server Security for Windows Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.0.12014.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Mail Security for Microsoft Exchange Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.1.10010.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Mail Security for IBM Domino",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.0.14006.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET Security for Microsoft SharePoint Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "10.0.15004.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ESET File Security for Microsoft Azure",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ESET, spol. s r.o."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-269",
                "lang": "eng",
                "value": "CWE-269 Improper Privilege Management"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed",
            "refsource": "MISC",
            "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
          }
        ]
      },
      "source": {
        "advisory": "ca8612",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
          }
        ],
        "id": "CVE-2024-0353",
        "lastModified": "2024-02-15T14:28:31.380",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "security@eset.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-02-15T08:15:46.023",
        "references": [
          {
            "source": "security@eset.com",
            "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
          }
        ],
        "sourceIdentifier": "security@eset.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-269"
              }
            ],
            "source": "security@eset.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

CVE-2024-0353

Vulnerability from fstec - Published: 14.02.2024

Title

Уязвимость обработчика операций с файлами программного обеспечения антивирусных программных продуктов ESET, позволяющая нарушителю удалять произвольные файлы в системе

Description

Уязвимость обработчика операций с файлами программного обеспечения антивирусных программных продуктов ESET связана с ошибками при управлении привилегиями. Эксплуатация уязвимости может позволить нарушителю удалять произвольные файлы в системе

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

ESET Software

Software Name

ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus, ESET Endpoint Security, ESET Server Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Microsoft SharePoint Server

Software Version

до 17.0.10.0 (ESET NOD32 Antivirus), до 17.0.10.0 (ESET Internet Security), до 17.0.10.0 (ESET Smart Security Premium), до 17.0.10.0 (ESET Security Ultimate), от 11.0 до 11.0.2032.0 (ESET Endpoint Antivirus), от 10.1 до 10.1.2063.0 (ESET Endpoint Antivirus), от 10.0 до 10.0.2052.0 (ESET Endpoint Antivirus), от 9.0 до 9.1.2071.0 (ESET Endpoint Antivirus), до 8.1.2062.0 (ESET Endpoint Antivirus), от 11.0 до 11.0.2032.0 (ESET Endpoint Security), от 10.1 до 10.1.2063.0 (ESET Endpoint Security), от 10.0 до 10.0.2052.0 (ESET Endpoint Security), от 9.0 до 9.1.2071.0 (ESET Endpoint Security), до 8.1.2062.0 (ESET Endpoint Security), от 10.0 до 10.0.12015.0 (ESET Server Security for Microsoft Windows Server), от 9.0 до 9.0.12019.0 (ESET Server Security for Microsoft Windows Server), от 8.0 до 8.0.12016.0 (ESET Server Security for Microsoft Windows Server), до 7.3.12013.0 (ESET Server Security for Microsoft Windows Server), от 10.1 до 10.1.10014.0 (ESET Mail Security for Microsoft Exchange Server), от 10.0 до 10.0.10018.0 (ESET Mail Security for Microsoft Exchange Server), от 9.0 до 9.0.10012.0 (ESET Mail Security for Microsoft Exchange Server), от 8.0 до 8.0.10024.0 (ESET Mail Security for Microsoft Exchange Server), до 7.3.10018.0 (ESET Mail Security for Microsoft Exchange Server), от 10.0 до 10.0.14007.0 (ESET Mail Security for IBM Domino), от 9.0 до 9.0.14008.0 (ESET Mail Security for IBM Domino), от 8.0 до 8.0.14014.0 (ESET Mail Security for IBM Domino), до 7.3.14006.0 (ESET Mail Security for IBM Domino), от 10.0 до 10.0.15005.0 (ESET Security for Microsoft SharePoint Server), от 9.0 до 9.0.15006.0 (ESET Security for Microsoft SharePoint Server), от 8.0 до 8.0.15012.0 (ESET Security for Microsoft SharePoint Server), до 7.3.15006.0 (ESET Security for Microsoft SharePoint Server)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - минимизация пользовательских привилегий; - отключение/удаление неиспользуемых учётных записей пользователей. Использование рекомендаций производителя: https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed

Reference

None

CWE

CWE-269

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "ESET Software",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 17.0.10.0 (ESET NOD32 Antivirus), \u0434\u043e 17.0.10.0 (ESET Internet Security), \u0434\u043e 17.0.10.0 (ESET Smart Security Premium), \u0434\u043e 17.0.10.0 (ESET Security Ultimate), \u043e\u0442 11.0 \u0434\u043e 11.0.2032.0 (ESET Endpoint Antivirus), \u043e\u0442 10.1 \u0434\u043e 10.1.2063.0 (ESET Endpoint Antivirus), \u043e\u0442 10.0 \u0434\u043e 10.0.2052.0 (ESET Endpoint Antivirus), \u043e\u0442 9.0 \u0434\u043e 9.1.2071.0 (ESET Endpoint Antivirus), \u0434\u043e 8.1.2062.0 (ESET Endpoint Antivirus), \u043e\u0442 11.0 \u0434\u043e 11.0.2032.0 (ESET Endpoint Security), \u043e\u0442 10.1 \u0434\u043e 10.1.2063.0 (ESET Endpoint Security), \u043e\u0442 10.0 \u0434\u043e 10.0.2052.0 (ESET Endpoint Security), \u043e\u0442 9.0 \u0434\u043e 9.1.2071.0 (ESET Endpoint Security), \u0434\u043e 8.1.2062.0 (ESET Endpoint Security), \u043e\u0442 10.0 \u0434\u043e 10.0.12015.0 (ESET Server Security for Microsoft Windows Server), \u043e\u0442 9.0 \u0434\u043e 9.0.12019.0 (ESET Server Security for Microsoft Windows Server), \u043e\u0442 8.0 \u0434\u043e 8.0.12016.0 (ESET Server Security for Microsoft Windows Server), \u0434\u043e 7.3.12013.0 (ESET Server Security for Microsoft Windows Server), \u043e\u0442 10.1 \u0434\u043e 10.1.10014.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 10.0 \u0434\u043e 10.0.10018.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 9.0 \u0434\u043e 9.0.10012.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 8.0 \u0434\u043e 8.0.10024.0 (ESET Mail Security for Microsoft Exchange Server), \u0434\u043e 7.3.10018.0 (ESET Mail Security for Microsoft Exchange Server), \u043e\u0442 10.0 \u0434\u043e 10.0.14007.0 (ESET Mail Security for IBM Domino), \u043e\u0442 9.0 \u0434\u043e 9.0.14008.0 (ESET Mail Security for IBM Domino), \u043e\u0442 8.0 \u0434\u043e 8.0.14014.0 (ESET Mail Security for IBM Domino), \u0434\u043e 7.3.14006.0 (ESET Mail Security for IBM Domino), \u043e\u0442 10.0 \u0434\u043e 10.0.15005.0 (ESET Security for Microsoft SharePoint Server), \u043e\u0442 9.0 \u0434\u043e 9.0.15006.0 (ESET Security for Microsoft SharePoint Server), \u043e\u0442 8.0 \u0434\u043e 8.0.15012.0 (ESET Security for Microsoft SharePoint Server), \u0434\u043e 7.3.15006.0 (ESET Security for Microsoft SharePoint Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.02.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-01460",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-0353",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus, ESET Endpoint Security, ESET Server Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Microsoft SharePoint Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 ESET, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 (CWE-269)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 ESET \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": null,
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-269",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

GHSA-8M6H-Q36W-XVG7

Vulnerability from github – Published: 2024-02-15 09:30 – Updated: 2025-12-10 21:31

Details

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-0353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-15T08:15:46Z",
    "severity": "HIGH"
  },
  "details": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission.",
  "id": "GHSA-8m6h-q36w-xvg7",
  "modified": "2025-12-10T21:31:28Z",
  "published": "2024-02-15T09:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0353"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html"
    },
    {
      "type": "WEB",
      "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/51351"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/51964"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2024-0353

Vulnerability from fkie_nvd - Published: 2024-02-15 08:15 - Updated: 2025-12-10 20:16

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

References

URL	Tags
security@eset.com	https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/51351
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/51964

Impacted products

Vendor	Product	Version
eset	endpoint_antivirus	*
eset	endpoint_antivirus	*
eset	endpoint_antivirus	*
eset	endpoint_antivirus	*
eset	endpoint_antivirus	*
eset	endpoint_security	*
eset	endpoint_security	*
eset	endpoint_security	*
eset	endpoint_security	*
eset	endpoint_security	*
eset	file_security	*
eset	internet_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	mail_security	*
eset	nod32_antivirus	*
eset	security	*
eset	security	*
eset	security	*
eset	security	*
eset	security	*
eset	server_security	*
eset	server_security	*
eset	server_security	*
eset	server_security	*
eset	smart_security	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "FD0A2DF6-7A58-491C-AEB8-A2E680AC98F1",
              "versionEndExcluding": "8.1.2062.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "05E9177E-5D0F-41ED-8294-DFB89E3876E4",
              "versionEndExcluding": "9.1.2071.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "0B60BF84-00BE-4DB0-8997-743F57416BE4",
              "versionEndExcluding": "10.0.2052.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "0164AE41-F12C-4B0D-8974-D7437BFB06B4",
              "versionEndExcluding": "10.1.2063.0",
              "versionStartIncluding": "10.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "4E612901-DB52-4059-9817-92C60A84BB2C",
              "versionEndExcluding": "11.0.2032.0",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "74C3F07A-2298-4521-BBC0-F2E48BA982F9",
              "versionEndExcluding": "8.1.2062.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B3D79959-D8FE-4F95-A8E8-03308948FC5D",
              "versionEndExcluding": "9.1.2071.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "346C043C-2DE2-490B-A36B-8D0970DFD4B6",
              "versionEndExcluding": "10.0.2052.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "71A365AB-99CA-4FA9-A451-5C96B0A5A7F5",
              "versionEndExcluding": "10.1.2063.0",
              "versionStartIncluding": "10.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "395C3173-EDC0-41D7-85B2-612C4DBD98F0",
              "versionEndExcluding": "11.0.2032.0",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:file_security:*:*:*:*:*:azure:*:*",
              "matchCriteriaId": "1AB25077-C346-4D68-8089-6042BFDA655C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA4D106F-E8B7-43E9-A568-D779AE96128B",
              "versionEndExcluding": "17.0.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*",
              "matchCriteriaId": "130C22A6-09A5-4271-9777-E0104049B549",
              "versionEndExcluding": "7.3.10018.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*",
              "matchCriteriaId": "3907201A-AB03-472D-888E-C2F4263FF142",
              "versionEndExcluding": "7.3.14006.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*",
              "matchCriteriaId": "222094AC-A5B4-4951-8A66-DE4230E2480F",
              "versionEndExcluding": "8.0.10024.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*",
              "matchCriteriaId": "050BA9DE-6985-4833-90C6-60018F521995",
              "versionEndExcluding": "8.0.14014.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*",
              "matchCriteriaId": "FE6862D1-1DC9-492E-B1A7-21DC8F5102C4",
              "versionEndExcluding": "9.0.10012.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*",
              "matchCriteriaId": "EDB3A57E-7B60-4FAC-BE08-DF10CE47C8E2",
              "versionEndExcluding": "9.0.14008.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*",
              "matchCriteriaId": "33552BAC-3DD8-4367-AFD3-ACF6A4B0EC15",
              "versionEndExcluding": "10.0.10018.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*",
              "matchCriteriaId": "45C8E944-C3B4-4AB7-8332-F51821F7C253",
              "versionEndExcluding": "10.0.14007.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*",
              "matchCriteriaId": "AE42F470-97D5-405F-8DDB-58030A8A7339",
              "versionEndExcluding": "10.1.10014.0",
              "versionStartIncluding": "10.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B0F994D-291F-4037-9F38-2ADD30917A1B",
              "versionEndExcluding": "17.0.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*",
              "matchCriteriaId": "B1008F99-C3F2-4D79-A37D-2239E7C5535F",
              "versionEndExcluding": "7.3.15006.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:security:*:*:*:*:ultimate:*:*:*",
              "matchCriteriaId": "F78781C7-AD74-4D14-A955-A0380CE7B73F",
              "versionEndExcluding": "17.0.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*",
              "matchCriteriaId": "732DD0AC-2D36-41E5-9005-3BA04D2BC920",
              "versionEndExcluding": "8.0.15012.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*",
              "matchCriteriaId": "61D23E98-F343-41C8-A9CB-14937455AF7E",
              "versionEndExcluding": "9.0.15006.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*",
              "matchCriteriaId": "EDEE8E3A-1A7B-4DBC-9C2A-6A7E4BB1B9B3",
              "versionEndExcluding": "10.0.15005.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*",
              "matchCriteriaId": "91DE9E8D-6155-42BB-A303-4A31B3A65C49",
              "versionEndExcluding": "7.3.12013.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*",
              "matchCriteriaId": "C2722856-080B-4025-AD29-7B758303F442",
              "versionEndExcluding": "8.0.12016.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*",
              "matchCriteriaId": "BA373E8F-2D94-4EF4-96C4-0306D969EB37",
              "versionEndExcluding": "9.0.12019.0",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*",
              "matchCriteriaId": "B3A3E72B-98E3-4754-815F-3B3CE57AC8EA",
              "versionEndExcluding": "10.0.12015.0",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:smart_security:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "1B58F4A8-5BF7-4F3E-8267-E5D43D7AA538",
              "versionEndExcluding": "17.0.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de escalada de privilegios local potencialmente permiti\u00f3 a un atacante hacer un mal uso de las operaciones de archivos de ESET para eliminar archivos sin tener el permiso adecuado."
    }
  ],
  "id": "CVE-2024-0353",
  "lastModified": "2025-12-10T20:16:20.467",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security@eset.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-15T08:15:46.023",
  "references": [
    {
      "source": "security@eset.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/51351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/51964"
    }
  ],
  "sourceIdentifier": "security@eset.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "security@eset.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2024-AVI-0136

Vulnerability from certfr_avis - Published: 2024-02-15 - Updated: 2024-02-15

Une vulnérabilité a été découverte dans les produits ESET. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ESET	Security	ESET Security pour Microsoft SharePoint Server versions 7.3.x.x antérieures à 7.3.15006.0
ESET	N/A	ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium et ESET Security Ultimate versions antérieures à 17.0.10.0
ESET	Mail Security	ESET Mail Security pour IBM Domino versions 10.0.x.x antérieures à 10.0.14007.0
ESET	Mail Security	ESET Mail Security pour Microsoft Exchange Server versions 10.1.x.x antérieures à 10.1.10014.0
ESET	Security	ESET Security pour Microsoft SharePoint Server versions 9.0.x.x antérieures à 9.0.15006.0
ESET	Mail Security	ESET Mail Security pour IBM Domino versions 7.3.x.x antérieures à 7.3.14006.0
ESET	N/A	ESET Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) versions 10.0.x.x antérieures à 10.0.12015.0
ESET	Mail Security	ESET Mail Security pour IBM Domino versions 8.0.x.x antérieures à 8.0.14014.0
ESET	N/A	ESET Endpoint Antivirus pour Windows et ESET Endpoint Security pour Windows versions 10.1.x.x antérieures à 10.1.2063.0
ESET	N/A	ESET Endpoint Antivirus pour Windows et ESET Endpoint Security pour Windows versions 10.0.x.x antérieures à 10.0.2052.0
ESET	N/A	ESET Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) versions 7.3.x.x antérieures à 7.3.12013.0
ESET	N/A	ESET Endpoint Antivirus pour Windows et ESET Endpoint Security pour Windows versions 8.1.x.x antérieures à 8.1.2062.0
ESET	Mail Security	ESET Mail Security pour Microsoft Exchange Server versions 9.0.x.x antérieures à 9.0.10012.0
ESET	N/A	ESET Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) versions 8.0.x.x antérieures à 8.0.12016.0
ESET	Mail Security	ESET Mail Security pour Microsoft Exchange Server versions 8.0.x.x antérieures à 8.0.10024.0
ESET	Mail Security	ESET Mail Security pour Microsoft Exchange Server versions 7.3.x.x antérieures à 7.3.10018.0
ESET	Security	ESET Security pour Microsoft SharePoint Server versions 8.0.x.x antérieures à 8.0.15012.0
ESET	Security	ESET Security pour Microsoft SharePoint Server versions 10.0.x.x antérieures à 10.0.15005.0
ESET	Mail Security	ESET Mail Security pour Microsoft Exchange Server versions 10.0.x.x antérieures à 10.0.10018.0
ESET	N/A	ESET Endpoint Antivirus pour Windows et ESET Endpoint Security pour Windows versions 9.1.x.x antérieures à 9.1.2071.0
ESET	Mail Security	ESET Mail Security pour IBM Domino versions 9.0.x.x antérieures à 9.0.14008.0
ESET	N/A	ESET Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) versions 9.0.x.x antérieures à 9.0.12019.0
ESET	N/A	ESET Endpoint Antivirus pour Windows et ESET Endpoint Security pour Windows versions 11.0.x.x antérieures à 11.0.2032.0
ESET	File Security	ESET File Security pour Microsoft Azure

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-0353 (GCVE-0-2024-0353)

GSD-2024-0353

CVE-2024-0353

GHSA-8M6H-Q36W-XVG7

FKIE_CVE-2024-0353

CERTFR-2024-AVI-0136

Solution

Tags

Sightings

Nomenclature