CVE-2023-7043 - OpenCVE

Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eset	Endpoint Antivirus Endpoint Security Internet Security Mail Security Nod32 Antivirus Smart Security Premium

Configuration 1 [-]

OR	cpe:2.3:a:eset:endpoint_antivirus::::::::
	cpe:2.3:a:eset:endpoint_security::::::::
	cpe:2.3:a:eset:internet_security::::::::
	cpe:2.3:a:eset:mail_security:10.1.10012.0:::::exchange_server::
	cpe:2.3:a:eset:nod32_antivirus::::::::
	cpe:2.3:a:eset:smart_security_premium::::::::

No data.

References

Link	Providers
https://support.eset.com/en/ca8602

History

No history.

MITRE

Status: PUBLISHED

Assigner: ESET

Published: 2024-01-31T12:51:38.253Z

Updated: 2024-08-02T08:50:07.939Z

Reserved: 2023-12-21T12:14:56.731Z

Link: CVE-2023-7043

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-31T13:15:10.147

Modified: 2024-02-09T01:00:15.637

Link: CVE-2023-7043

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7043", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "state": "PUBLISHED", "assignerShortName": "ESET", "dateReserved": "2023-12-21T12:14:56.731Z", "datePublished": "2024-01-31T12:51:38.253Z", "dateUpdated": "2024-08-02T08:50:07.939Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ESET Endpoint Security", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.1.2063.x", "status": "affected", "version": "10.1.2046.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Endpoint Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.1.2063.x", "status": "affected", "version": "10.1.2046.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET NOD32 Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "16.1.14.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Internet Security", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "16.1.14.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Smart Security Premium", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "16.1.14.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Mail Security for Microsoft Exchange Server", "vendor": "ESET, spol. s r.o.", "versions": [{"status": "affected", "version": "10.1.10012.0"}]}], "datePublic": "2024-01-26T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unquoted service path in ESET products allows to \n\n<span style=\"background-color: rgb(255, 255, 255);\">drop a prepared program to a specific location</span> and <span style=\"background-color: rgb(255, 255, 255);\">run on boot with </span><span style=\"background-color: rgb(255, 255, 255);\">the \n\nNT AUTHORITY\\NetworkService permissions.</span>"}], "value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2024-01-31T12:52:10.301Z"}, "references": [{"url": "https://support.eset.com/en/ca8602"}], "source": {"advisory": "ca8602", "discovery": "UNKNOWN"}, "title": "Unquoted path privilege vulnerability in ESET products for Windows", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:50:07.939Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.eset.com/en/ca8602", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:*:*:*", "matchCriteriaId": "50677A92-50F3-4020-BC55-B3C6FDB4511D", "versionEndExcluding": "11.0.2032.0", "versionStartIncluding": "10.1.2046.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "74708E09-04BF-47C1-88A9-B2A0C0FCF3B7", "versionEndExcluding": "11.0.2032.0", "versionStartIncluding": "10.1.2046.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "84EF91DD-15F6-4EF8-8B5F-C4CF4DBCBDF9", "versionEndExcluding": "17.0.15.0", "versionStartIncluding": "16.1.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:mail_security:10.1.10012.0:*:*:*:*:exchange_server:*:*", "matchCriteriaId": "18A15279-74DB-487D-A585-BB07482505E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*", "matchCriteriaId": "D18A8A98-430B-495B-AAD9-8198E995F77E", "versionEndExcluding": "17.0.15.0", "versionStartIncluding": "16.1.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*", "matchCriteriaId": "555830F1-6B12-44F7-B912-9061E0EB6E46", "versionEndExcluding": "17.0.15.0", "versionStartIncluding": "16.1.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions."}, {"lang": "es", "value": "La ruta de servicio sin comillas en los productos ESET permite colocar un programa preparado en una ubicaci\u00f3n espec\u00edfica y ejecutarlo al arrancar con los permisos NT AUTHORITY\\NetworkService."}], "id": "CVE-2023-7043", "lastModified": "2024-02-09T01:00:15.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security@eset.com", "type": "Secondary"}]}, "published": "2024-01-31T13:15:10.147", "references": [{"source": "security@eset.com", "tags": ["Vendor Advisory"], "url": "https://support.eset.com/en/ca8602"}], "sourceIdentifier": "security@eset.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-428"}], "source": "security@eset.com", "type": "Secondary"}]}