CERTFR-2023-AVI-1053
Vulnerability from certfr_avis

A vulnerability has been discovered in ESET products. It allows an attacker to cause a breach of data confidentiality and a bypass of the security policy.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
ESET | Security Ultimate | ESET Security Ultimate
ESET | Endpoint Antivirus | ESET Endpoint Antivirus versions later than 10.0 for Linux
ESET | Server Security | ESET Server Security versions later than 10.1 for Linux
ESET | Endpoint Antivirus | ESET Endpoint Antivirus for Windows
ESET | NOD32 Antivirus | ESET NOD32 Antivirus
ESET | Endpoint Security | ESET Endpoint Security for Windows
ESET | Smart Security Premium | ESET Smart Security Premium
ESET | Mail Security | ESET Mail Security for Microsoft Exchange Server
ESET | Internet Security | ESET Internet Security
ESET | Server Security | ESET Server Security for Windows Server
ESET | Mail Security | ESET Mail Security for IBM Domino
ESET | Security | ESET Security for Microsoft SharePoint Server
ESET | File Security | ESET File Security for Microsoft Azure



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ESET Security Ultimate",
      "product": {
        "name": "Security Ultimate",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET Endpoint Antivirus versions post\u00e9rieures \u00e0 10.0 pour Linux",
      "product": {
        "name": "Endpoint Antivirus",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET Server Security versions post\u00e9rieures \u00e0 10.1 pour Linux",
      "product": {
        "name": "Server Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET Endpoint Antivirus pour Windows",
      "product": {
        "name": "Endpoint Antivirus",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET NOD32 Antivirus",
      "product": {
        "name": "NOD32 Antivirus",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET Endpoint Security pour Windows",
      "product": {
        "name": "Endpoint Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET Smart Security Premium",
      "product": {
        "name": "Smart Security Premium",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET Mail Security pour Microsoft Exchange Server",
      "product": {
        "name": "Mail Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET Internet Security",
      "product": {
        "name": "Internet Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET Server Security pour Windows Server",
      "product": {
        "name": "Server Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET Mail Security pour IBM Domino",
      "product": {
        "name": "Mail Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET Security pour Microsoft SharePoint Server",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET File Security pour Microsoft Azure",
      "product": {
        "name": "File Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-5594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5594"
    }
  ],
  "initial_release_date": "2023-12-22T00:00:00",
  "last_revision_date": "2023-12-22T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ESET\u00a0CA8562 du 20 d\u00e9cembre 2023",
      "url": "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed"
    }
  ],
  "reference": "CERTFR-2023-AVI-1053",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eles\nproduits ESET\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits ESET",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ESET CA8562 du 20 d\u00e9cembre 2023",
      "url": null
    }
  ]
}

