CERTFR-2025-AVI-0280
Vulnerability from certfr_avis

A vulnerability has been discovered in ESET products. It allows an attacker to bypass the security policy.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| ESET | Smart Security Premium | Smart Security Premium versions earlier than 18.1.10.0 |
| ESET | Server Security | Server Security versions earlier than 11.1.12009.0 for Windows Server |
| ESET | NOD32 Antivirus | NOD32 Antivirus versions earlier than 18.1.10.0 |
| ESET | Internet Security | Internet Security versions earlier than 18.1.10.0 |
| ESET | Endpoint Security | Endpoint Security versions earlier than 12.0.2045.0 |
| ESET | Endpoint Antivirus | Endpoint Antivirus versions earlier than 12.0.2045.0 |
| ESET | Mail Security | Mail Security versions earlier than 11.1.10011.0, 11.0.10010.0 and 10.1.10017.0 for Microsoft Exchange Server |
| ESET | Security Ultimate | Security Ultimate versions earlier than 18.1.10.0 |
| ESET | Endpoint Antivirus | Endpoint Antivirus versions earlier than 11.1.2059.0 |
| ESET | Security | Security versions earlier than 11.1.15003.0, 11.0.15007.0, 10.0.15008.0 for Microsoft SharePoint Server |
| ESET | Safe Server | ESET Safe Server versions earlier than 18.1.10.0 |
| ESET | Endpoint Security | Endpoint Security versions earlier than 11.1.2059.0 |
| ESET | Small Business Security | Small Business Security versions earlier than 18.1.10.0 |

References
ESET security bulletin CA8810, 2025-04-04, vendor-advisory



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Smart Security Premium versions ant\u00e9ri\u00e9ures \u00e0 18.1.10.0",
      "product": {
        "name": "Smart Security Premium",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Server Security versions ant\u00e9rieures \u00e0 11.1.12009.0 pour Windows Server",
      "product": {
        "name": "Server Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "NOD32 Antivirus versions ant\u00e9ri\u00e9ures \u00e0 18.1.10.0",
      "product": {
        "name": "NOD32 Antivirus",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Security versions ant\u00e9ri\u00e9ures \u00e0 18.1.10.0",
      "product": {
        "name": "Internet Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Endpoint Security versions ant\u00e9rieures \u00e0 12.0.2045.0",
      "product": {
        "name": "Endpoint Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Endpoint Antivirus versions ant\u00e9rieures \u00e0 12.0.2045.0",
      "product": {
        "name": "Endpoint Antivirus",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Mail Security versions ant\u00e9rieures \u00e0 11.1.10011.0, 11.0.10010.0 et 10.1.10017.0 pour Microsoft Exchange Server",
      "product": {
        "name": "Mail Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Security Ultimate versions ant\u00e9ri\u00e9ures \u00e0 18.1.10.0",
      "product": {
        "name": "Security Ultimate",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Endpoint Antivirus versions ant\u00e9rieures \u00e0 11.1.2059.0",
      "product": {
        "name": "Endpoint Antivirus",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Security versions ant\u00e9rieures \u00e0 11.1.15003.0, 11.0.15007.0, 10.0.15008.0 pour Microsoft SharePoint Server",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "ESET Safe Server versions ant\u00e9rieures \u00e0 18.1.10.0",
      "product": {
        "name": "Safe Server",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Endpoint Security versions ant\u00e9rieures \u00e0 11.1.2059.0",
      "product": {
        "name": "Endpoint Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Small Business Security versions ant\u00e9rieures \u00e0 18.1.10.0",
      "product": {
        "name": "Small Business Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-11859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11859"
    }
  ],
  "initial_release_date": "2025-04-07T00:00:00",
  "last_revision_date": "2025-04-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0280",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits ESET. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits ESET",
  "vendor_advisories": [
    {
      "published_at": "2025-04-04",
      "title": "Bulletin de s\u00e9curit\u00e9 ESET CA8810",
      "url": "https://support-feed.eset.com/link/15370/16999046/ca8810"
    }
  ]
}

