CVE-2023-7043 - Vulnerability Details - OpenCVE

Unquoted service path in ESET products allows to

drop a prepared program to a specific location and run on boot with the

NT AUTHORITY\NetworkService permissions.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00089.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Eset	Endpoint Antivirus Endpoint Security Internet Security Mail Security Nod32 Antivirus Smart Security Premium

Configuration 1 [-]

OR	cpe:2.3:a:eset:endpoint_antivirus::::::::
	cpe:2.3:a:eset:endpoint_security::::::::
	cpe:2.3:a:eset:internet_security::::::::
	cpe:2.3:a:eset:mail_security:10.1.10012.0:::::exchange_server::
	cpe:2.3:a:eset:nod32_antivirus::::::::
	cpe:2.3:a:eset:smart_security_premium::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-59230	Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.eset.com/en/ca8602

History

Thu, 17 Oct 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: ESET

Published: 2024-01-31T12:51:38.253Z

Updated: 2024-10-17T17:54:28.120Z

Reserved: 2023-12-21T12:14:56.731Z

Link: CVE-2023-7043

Vulnrichment

Updated: 2024-08-02T08:50:07.939Z

NVD

Status : Modified

Published: 2024-01-31T13:15:10.147

Modified: 2024-11-21T08:45:06.820

Link: CVE-2023-7043

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7043", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "state": "PUBLISHED", "assignerShortName": "ESET", "dateReserved": "2023-12-21T12:14:56.731Z", "datePublished": "2024-01-31T12:51:38.253Z", "dateUpdated": "2024-10-17T17:54:28.120Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ESET Endpoint Security", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.1.2063.x", "status": "affected", "version": "10.1.2046.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Endpoint Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.1.2063.x", "status": "affected", "version": "10.1.2046.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET NOD32 Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "16.1.14.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Internet Security", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "16.1.14.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Smart Security Premium", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "16.1.14.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Mail Security for Microsoft Exchange Server", "vendor": "ESET, spol. s r.o.", "versions": [{"status": "affected", "version": "10.1.10012.0"}]}], "datePublic": "2024-01-26T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unquoted service path in ESET products allows to \n\n<span style=\"background-color: rgb(255, 255, 255);\">drop a prepared program to a specific location</span> and <span style=\"background-color: rgb(255, 255, 255);\">run on boot with </span><span style=\"background-color: rgb(255, 255, 255);\">the \n\nNT AUTHORITY\\NetworkService permissions.</span>"}], "value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2024-01-31T12:52:10.301Z"}, "references": [{"url": "https://support.eset.com/en/ca8602"}], "source": {"advisory": "ca8602", "discovery": "UNKNOWN"}, "title": "Unquoted path privilege vulnerability in ESET products for Windows", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:50:07.939Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.eset.com/en/ca8602", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-31T15:52:23.258496Z", "id": "CVE-2023-7043", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T17:54:28.120Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.eset.com/en/ca8602", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:50:07.939Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7043", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-31T15:52:23.258496Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T17:54:20.812Z"}}], "cna": {"title": "Unquoted path privilege vulnerability in ESET products for Windows", "source": {"advisory": "ca8602", "discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ESET, spol. s r.o.", "product": "ESET Endpoint Security", "versions": [{"status": "affected", "version": "10.1.2046.x", "versionType": "custom", "lessThanOrEqual": "10.1.2063.x"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Endpoint Antivirus", "versions": [{"status": "affected", "version": "10.1.2046.x", "versionType": "custom", "lessThanOrEqual": "10.1.2063.x"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET NOD32 Antivirus", "versions": [{"status": "affected", "version": "16.1.14.0", "versionType": "custom", "lessThanOrEqual": "16.2.15.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Internet Security", "versions": [{"status": "affected", "version": "16.1.14.0", "versionType": "custom", "lessThanOrEqual": "16.2.15.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Smart Security Premium", "versions": [{"status": "affected", "version": "16.1.14.0", "versionType": "custom", "lessThanOrEqual": "16.2.15.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Mail Security for Microsoft Exchange Server", "versions": [{"status": "affected", "version": "10.1.10012.0"}], "defaultStatus": "unaffected"}], "datePublic": "2024-01-26T11:00:00.000Z", "references": [{"url": "https://support.eset.com/en/ca8602"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions.", "supportingMedia": [{"type": "text/html", "value": "Unquoted service path in ESET products allows to \n\n<span style=\"background-color: rgb(255, 255, 255);\">drop a prepared program to a specific location</span> and <span style=\"background-color: rgb(255, 255, 255);\">run on boot with </span><span style=\"background-color: rgb(255, 255, 255);\">the \n\nNT AUTHORITY\\NetworkService permissions.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element"}]}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2024-01-31T12:52:10.301Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7043", "state": "PUBLISHED", "dateUpdated": "2024-10-17T17:54:28.120Z", "dateReserved": "2023-12-21T12:14:56.731Z", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "datePublished": "2024-01-31T12:51:38.253Z", "assignerShortName": "ESET"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:*:*:*", "matchCriteriaId": "50677A92-50F3-4020-BC55-B3C6FDB4511D", "versionEndExcluding": "11.0.2032.0", "versionStartIncluding": "10.1.2046.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "74708E09-04BF-47C1-88A9-B2A0C0FCF3B7", "versionEndExcluding": "11.0.2032.0", "versionStartIncluding": "10.1.2046.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "84EF91DD-15F6-4EF8-8B5F-C4CF4DBCBDF9", "versionEndExcluding": "17.0.15.0", "versionStartIncluding": "16.1.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:mail_security:10.1.10012.0:*:*:*:*:exchange_server:*:*", "matchCriteriaId": "18A15279-74DB-487D-A585-BB07482505E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*", "matchCriteriaId": "D18A8A98-430B-495B-AAD9-8198E995F77E", "versionEndExcluding": "17.0.15.0", "versionStartIncluding": "16.1.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*", "matchCriteriaId": "555830F1-6B12-44F7-B912-9061E0EB6E46", "versionEndExcluding": "17.0.15.0", "versionStartIncluding": "16.1.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions."}, {"lang": "es", "value": "La ruta de servicio sin comillas en los productos ESET permite colocar un programa preparado en una ubicaci\u00f3n espec\u00edfica y ejecutarlo al arrancar con los permisos NT AUTHORITY\\NetworkService."}], "id": "CVE-2023-7043", "lastModified": "2024-11-21T08:45:06.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security@eset.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-31T13:15:10.147", "references": [{"source": "security@eset.com", "tags": ["Vendor Advisory"], "url": "https://support.eset.com/en/ca8602"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.eset.com/en/ca8602"}], "sourceIdentifier": "security@eset.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "security@eset.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-428"}], "source": "nvd@nist.gov", "type": "Primary"}]}