CVE-2024-6654 - Vulnerability Details - OpenCVE

Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://support.eset.com/en/ca8725-denial-of-service-vulnerability-in-eset-products-for-macos-fixed

History

Wed, 09 Oct 2024 09:45:00 +0000

Type	Values Removed	Values Added
References	https://support.eset.com/en/ca8725-local-privilege-escalation-vulnerability-in-eset-products-for-macos-fixed

Wed, 09 Oct 2024 09:00:00 +0000

Type	Values Removed	Values Added
References		https://support.eset.com/en/ca8725-denial-of-service-vulnerability-in-eset-products-for-macos-fixed

Fri, 27 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Sep 2024 09:15:00 +0000

Type	Values Removed	Values Added
Description		Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down.
Title		Denial of Service vulnerability in ESET products for macOS
Weaknesses		CWE-377
References		https://support.eset.com/en/ca8725-local-privilege-escalation-vulnerability-in-eset-products-for-macos-fixed
Metrics		cvssV4_0 `{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: ESET

Published: 2024-09-27T08:54:28.250Z

Updated: 2024-10-09T08:47:17.411Z

Reserved: 2024-07-10T12:49:03.365Z

Link: CVE-2024-6654

Vulnrichment

Updated: 2024-09-27T17:56:46.577Z

NVD

Status : Awaiting Analysis

Published: 2024-09-27T09:15:03.937

Modified: 2024-10-09T09:15:06.713

Link: CVE-2024-6654

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6654", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "state": "PUBLISHED", "assignerShortName": "ESET", "dateReserved": "2024-07-10T12:49:03.365Z", "datePublished": "2024-09-27T08:54:28.250Z", "dateUpdated": "2024-10-09T08:47:17.411Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ESET Cyber Security", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThan": "7.5.74.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Endpoint Security for macOS", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThan": "8.0.7200.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-09-20T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">Products for macOS enables a</span> user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down.</span>"}], "value": "Products for macOS enables a\u00a0user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down."}], "impacts": [{"capecId": "CAPEC-132", "descriptions": [{"lang": "en", "value": "CAPEC-132 Symlink Attack"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-377", "description": "CWE-377 Insecure Temporary File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2024-10-09T08:47:17.411Z"}, "references": [{"url": "https://support.eset.com/en/ca8725-denial-of-service-vulnerability-in-eset-products-for-macos-fixed"}], "source": {"advisory": "ca8725", "discovery": "UNKNOWN"}, "title": "Denial of Service vulnerability in ESET products for macOS", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-27T17:56:41.549153Z", "id": "CVE-2024-6654", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T17:56:50.919Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6654", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-27T17:56:41.549153Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T17:56:46.577Z"}}], "cna": {"title": "Denial of Service vulnerability in ESET products for macOS", "source": {"advisory": "ca8725", "discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-132", "descriptions": [{"lang": "en", "value": "CAPEC-132 Symlink Attack"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ESET, spol. s r.o.", "product": "ESET Cyber Security", "versions": [{"status": "affected", "version": "0", "lessThan": "7.5.74.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ESET, spol. s r.o.", "product": "ESET Endpoint Security for macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "8.0.7200.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-09-20T10:00:00.000Z", "references": [{"url": "https://support.eset.com/en/ca8725-denial-of-service-vulnerability-in-eset-products-for-macos-fixed"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Products for macOS enables a\u00a0user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">Products for macOS enables a</span> user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-377", "description": "CWE-377 Insecure Temporary File"}]}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2024-10-09T08:47:17.411Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6654", "state": "PUBLISHED", "dateUpdated": "2024-10-09T08:47:17.411Z", "dateReserved": "2024-07-10T12:49:03.365Z", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "datePublished": "2024-09-27T08:54:28.250Z", "assignerShortName": "ESET"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Products for macOS enables a\u00a0user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down."}, {"lang": "es", "value": "Los productos para macOS permiten que un usuario conectado al sistema realice un ataque de denegaci\u00f3n de servicio, que podr\u00eda usarse indebidamente para deshabilitar la protecci\u00f3n del producto de seguridad de ESET y provocar una ralentizaci\u00f3n general del sistema."}], "id": "CVE-2024-6654", "lastModified": "2024-10-09T09:15:06.713", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "security@eset.com", "type": "Secondary"}]}, "published": "2024-09-27T09:15:03.937", "references": [{"source": "security@eset.com", "url": "https://support.eset.com/en/ca8725-denial-of-service-vulnerability-in-eset-products-for-macos-fixed"}], "sourceIdentifier": "security@eset.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-377"}], "source": "security@eset.com", "type": "Secondary"}]}