CVE-2024-0353 - OpenCVE

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed

History

No history.

MITRE

Status: PUBLISHED

Assigner: ESET

Published: 2024-02-15T07:40:24.786Z

Updated: 2024-08-20T19:53:00.534Z

Reserved: 2024-01-09T14:21:58.755Z

Link: CVE-2024-0353

Vulnrichment

Updated: 2024-08-01T18:04:49.589Z

NVD

Status : Awaiting Analysis

Published: 2024-02-15T08:15:46.023

Modified: 2024-02-15T14:28:31.380

Link: CVE-2024-0353

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0353", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "state": "PUBLISHED", "assignerShortName": "ESET", "dateReserved": "2024-01-09T14:21:58.755Z", "datePublished": "2024-02-15T07:40:24.786Z", "dateUpdated": "2024-08-20T19:53:00.534Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ESET NOD32 Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Internet Security", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Smart Security Premium", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Security Ultimate", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Endpoint Antivirus for Windows", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.1.2058.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "10.0.2049.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "9.1.2066.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "8.1.2052.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Endpoint Security for Windows", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.1.2058.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "10.0.2049.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "9.1.2066.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "8.1.2052.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Server Security for Windows Server", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.0.12014.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "9.0.12018.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "8.0.12015.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "7.3.12011.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Mail Security for Microsoft Exchange Server", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.1.10010.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "10.0.10017.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "9.0.10011.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "8.0.10022.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "7.3.10014.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Mail Security for IBM Domino", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.0.14006.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "9.0.14007.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "8.0.14010.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "7.3.14004.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Security for Microsoft SharePoint Server", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.0.15004.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "9.0.15005.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "8.0.15011.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "7.3.15004.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET File Security for Microsoft Azure", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "all versions", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-02-14T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."}], "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2024-02-15T07:40:24.786Z"}, "references": [{"url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"}], "source": {"advisory": "ca8612", "discovery": "UNKNOWN"}, "title": "Local privilege escalation in Windows products", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:04:49.589Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "eset", "product": "nod32_antivirus", "cpes": ["cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "16.2.15.0", "versionType": "custom"}]}, {"vendor": "eset", "product": "internet_security", "cpes": ["cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "16.2.15.0", "versionType": "custom"}]}, {"vendor": "eset", "product": "smart_security_premium", "cpes": ["cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "16.2.15.0", "versionType": "custom"}]}, {"vendor": "eset", "product": "security_ultimate", "cpes": ["cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "16.2.15.0", "versionType": "custom"}]}, {"vendor": "eset", "product": "endpoint_antivirus", "cpes": ["cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "10.1.2058.0", "versionType": "custom"}]}, {"vendor": "eset", "product": "endpoint_security", "cpes": ["cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "10.1.2058.0", "versionType": "custom"}]}, {"vendor": "eset", "product": "server_security", "cpes": ["cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "10.0.12014.0", "versionType": "custom"}]}, {"vendor": "eset", "product": "mail_security", "cpes": ["cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "10.1.10010.0", "versionType": "custom"}]}, {"vendor": "eset", "product": "mail_security", "cpes": ["cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "10.0.14006.0", "versionType": "custom"}]}, {"vendor": "eset", "product": "security", "cpes": ["cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "10.0.15004.0", "versionType": "custom"}]}, {"vendor": "eset", "product": "file_security", "cpes": ["cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-20T19:22:48.853538Z", "id": "CVE-2024-0353", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T19:53:00.534Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:04:49.589Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0353", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-20T19:22:48.853538Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*"], "vendor": "eset", "product": "nod32_antivirus", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "16.2.15.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*"], "vendor": "eset", "product": "internet_security", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "16.2.15.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*"], "vendor": "eset", "product": "smart_security_premium", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "16.2.15.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*"], "vendor": "eset", "product": "security_ultimate", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "16.2.15.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*"], "vendor": "eset", "product": "endpoint_antivirus", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.1.2058.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*"], "vendor": "eset", "product": "endpoint_security", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.1.2058.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*"], "vendor": "eset", "product": "server_security", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.0.12014.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*"], "vendor": "eset", "product": "mail_security", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.1.10010.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*"], "vendor": "eset", "product": "mail_security", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.0.14006.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*"], "vendor": "eset", "product": "security", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.0.15004.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*"], "vendor": "eset", "product": "file_security", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T19:52:39.580Z"}}], "cna": {"title": "Local privilege escalation in Windows products", "source": {"advisory": "ca8612", "discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ESET, spol. s r.o.", "product": "ESET NOD32 Antivirus", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "16.2.15.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Internet Security", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "16.2.15.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Smart Security Premium", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "16.2.15.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Security Ultimate", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "16.2.15.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Endpoint Antivirus for Windows", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.1.2058.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.0.2049.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "9.1.2066.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.1.2052.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Endpoint Security for Windows", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.1.2058.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.0.2049.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "9.1.2066.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.1.2052.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Server Security for Windows Server", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.0.12014.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "9.0.12018.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.0.12015.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7.3.12011.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Mail Security for Microsoft Exchange Server", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.1.10010.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.0.10017.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "9.0.10011.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.0.10022.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7.3.10014.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Mail Security for IBM Domino", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.0.14006.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "9.0.14007.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.0.14010.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7.3.14004.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Security for Microsoft SharePoint Server", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.0.15004.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "9.0.15005.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.0.15011.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7.3.15004.0"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET File Security for Microsoft Azure", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "all versions"}], "defaultStatus": "unaffected"}], "datePublic": "2024-02-14T11:00:00.000Z", "references": [{"url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission.", "supportingMedia": [{"type": "text/html", "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2024-02-15T07:40:24.786Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0353", "state": "PUBLISHED", "dateUpdated": "2024-08-20T19:53:00.534Z", "dateReserved": "2024-01-09T14:21:58.755Z", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "datePublished": "2024-02-15T07:40:24.786Z", "assignerShortName": "ESET"}, "dataVersion": "5.1"}