Search criteria
2 vulnerabilities found for ESET Server Security for Windows Server (File Security) by ESET, spol. s r.o.
CVE-2023-3160 (GCVE-0-2023-3160)
Vulnerability from cvelistv5 – Published: 2023-08-14 09:27 – Updated: 2024-10-09 20:04
VLAI?
Title
Local privilege escalation in security products for Windows
Summary
The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions.
Severity ?
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ESET, spol. s r.o. | ESET NOD32 Antivirus |
Unaffected:
1463
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.eset.com/en/ca8466"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:03:59.300075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:04:15.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET NOD32 Antivirus",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Internet Security",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Smart Security Premium",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Endpoint Antivirus",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Endpoint Security",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Server Security for Windows Server (File Security)",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Mail Security for Microsoft Exchange Server",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Mail Security for IBM Domino",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Security for Microsoft SharePoint Server",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe vulnerability potentially allows an attacker to misuse ESET\u2019s file operations during the module update to delete or move files without having proper permissions."
}
],
"value": "\nThe vulnerability potentially allows an attacker to misuse ESET\u2019s file operations during the module update to delete or move files without having proper permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T09:27:02.427Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://support.eset.com/en/ca8466"
}
],
"source": {
"advisory": "ca8466",
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation in security products for Windows",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2023-3160",
"datePublished": "2023-08-14T09:27:02.427Z",
"dateReserved": "2023-06-08T08:28:28.513Z",
"dateUpdated": "2024-10-09T20:04:15.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3160 (GCVE-0-2023-3160)
Vulnerability from nvd – Published: 2023-08-14 09:27 – Updated: 2024-10-09 20:04
VLAI?
Title
Local privilege escalation in security products for Windows
Summary
The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions.
Severity ?
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ESET, spol. s r.o. | ESET NOD32 Antivirus |
Unaffected:
1463
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.eset.com/en/ca8466"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:03:59.300075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:04:15.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET NOD32 Antivirus",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Internet Security",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Smart Security Premium",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Endpoint Antivirus",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Endpoint Security",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Server Security for Windows Server (File Security)",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Mail Security for Microsoft Exchange Server",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Mail Security for IBM Domino",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HIPS"
],
"product": "ESET Security for Microsoft SharePoint Server",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "unaffected",
"version": "1463"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe vulnerability potentially allows an attacker to misuse ESET\u2019s file operations during the module update to delete or move files without having proper permissions."
}
],
"value": "\nThe vulnerability potentially allows an attacker to misuse ESET\u2019s file operations during the module update to delete or move files without having proper permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T09:27:02.427Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://support.eset.com/en/ca8466"
}
],
"source": {
"advisory": "ca8466",
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation in security products for Windows",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2023-3160",
"datePublished": "2023-08-14T09:27:02.427Z",
"dateReserved": "2023-06-08T08:28:28.513Z",
"dateUpdated": "2024-10-09T20:04:15.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}