CVE-2021-37850 - OpenCVE

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eset	Cyber Security Endpoint Antivirus Endpoint Security

Configuration 1 [-]

OR	cpe:2.3:a:eset:cyber_security:::::-:macos::
	cpe:2.3:a:eset:cyber_security:::::pro:macos::
	cpe:2.3:a:eset:endpoint_antivirus:::::-:macos::
	cpe:2.3:a:eset:endpoint_security:::::-:macos::

No data.

References

Link	Providers
https://support.eset.com/en/ca8151

History

No history.

MITRE

Status: PUBLISHED

Assigner: ESET

Published: 2021-11-08T13:35:49

Updated: 2024-08-04T01:30:09.156Z

Reserved: 2021-08-02T00:00:00

Link: CVE-2021-37850

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-11-08T14:15:08.037

Modified: 2021-11-09T14:10:01.357

Link: CVE-2021-37850

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ESET Cyber Security", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "6.10.700", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "ESET Cyber Security Pro", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThan": "6.10.700", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "ESET Endpoint Antivirus for macOS", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThan": "6.10.910.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "ESET Endpoint Security for macOS", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThan": "6.10.910.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to Teiei Shu (\u5ef7\u53e1 \u5468) who reported this issue."}], "descriptions": [{"lang": "en", "value": "ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Denial Of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-11-08T13:35:49", "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.eset.com/en/ca8151"}], "source": {"discovery": "EXTERNAL"}, "title": "Denial of service in ESET for Mac products", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eset.com", "ID": "CVE-2021-37850", "STATE": "PUBLIC", "TITLE": "Denial of service in ESET for Mac products"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ESET Cyber Security", "version": {"version_data": [{"version_affected": "<=", "version_value": "6.10.700"}]}}, {"product_name": "ESET Cyber Security Pro", "version": {"version_data": [{"version_affected": "<", "version_value": "6.10.700"}]}}, {"product_name": "ESET Endpoint Antivirus for macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "6.10.910.0"}]}}, {"product_name": "ESET Endpoint Security for macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "6.10.910.0"}]}}]}, "vendor_name": "ESET, spol. s r.o."}]}}, "credit": [{"lang": "eng", "value": "ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to Teiei Shu (\u5ef7\u53e1 \u5468) who reported this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial Of Service"}]}]}, "references": {"reference_data": [{"name": "https://support.eset.com/en/ca8151", "refsource": "MISC", "url": "https://support.eset.com/en/ca8151"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:30:09.156Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.eset.com/en/ca8151"}]}]}, "cveMetadata": {"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "assignerShortName": "ESET", "cveId": "CVE-2021-37850", "datePublished": "2021-11-08T13:35:49", "dateReserved": "2021-08-02T00:00:00", "dateUpdated": "2024-08-04T01:30:09.156Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:-:macos:*:*", "matchCriteriaId": "47B7D44D-DB8F-4C1F-A13B-0DB9B1A2E17D", "versionEndIncluding": "6.10.700", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:pro:macos:*:*", "matchCriteriaId": "3F714A0A-410A-4531-966E-4443585E6577", "versionEndIncluding": "6.10.700", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:-:macos:*:*", "matchCriteriaId": "DB9F6E12-07C5-4D10-94ED-7F9B2900F8AA", "versionEndIncluding": "6.10.910.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:-:macos:*:*", "matchCriteriaId": "B5C5CD3B-1CEA-4E53-ABA5-C53F6F2ACABB", "versionEndIncluding": "6.10.910.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot."}, {"lang": "es", "value": "ESET se dio cuenta de una vulnerabilidad en sus productos de consumo y empresariales para macOS que permite a un usuario conectado al sistema detener el demonio de ESET, deshabilitando efectivamente la protecci\u00f3n del producto de seguridad de ESET hasta un reinicio del sistema"}], "id": "CVE-2021-37850", "lastModified": "2021-11-09T14:10:01.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@eset.com", "type": "Secondary"}]}, "published": "2021-11-08T14:15:08.037", "references": [{"source": "security@eset.com", "tags": ["Vendor Advisory"], "url": "https://support.eset.com/en/ca8151"}], "sourceIdentifier": "security@eset.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}