Vulnerabilities related to ESET, spol. s r.o. - ESET Security Ultimate
CVE-2024-7400 (GCVE-0-2024-7400)
Vulnerability from cvelistv5
Published
2024-09-27 07:02
Modified
2024-09-27 18:54
Severity: 8.5 HIGH (CVSS v4.0 base score from the CNA record below)
CWE
- CWE-1386 - Insecure Operation on Windows Junction / Mount Point
Summary
The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.
References
Impacted products
Vendor | Product | Version
---|---|---
ESET, spol. s r.o. | ESET NOD32 Antivirus | Version: 0 ≤ 1250 (Cleaner module)

Only the first affected product is shown in this table; the record below lists the others, each with the same Cleaner module version bound.
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*", "cpe:2.3:a:eset:safe_server:-:*:*:*:*:*:*:*", "cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*", "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*", "cpe:2.3:a:eset:small_business_security:*:*:*:*:*:*:*:*", "cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*", "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*", "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:*:*:*", "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*", "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*", "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*", "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*", "cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*" ], "defaultStatus": "unaffected", "product": "mail_security", "vendor": "eset", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7400", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-27T17:57:43.358687Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-27T18:54:39.099Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET NOD32 Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET Internet Security", "vendor": "ESET, spol. 
s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET Smart Security Premium", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET Security Ultimate", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET Small Business Security", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET Safe Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET Endpoint Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET Endpoint Security for Windows", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET Server Security for Windows Server", "vendor": "ESET, spol. 
s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET Mail Security for Microsoft Exchange Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET Mail Security for IBM Domino", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET Security for Microsoft SharePoint Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Cleaner module" ], "product": "ESET File Security for Microsoft Azure", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "1250", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2024-09-20T10:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.\u003c/span\u003e" } ], "value": "The vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so." 
} ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1386", "description": "CWE-1386 Insecure Operation on Windows Junction / Mount Point", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-27T07:02:28.931Z", "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET" }, "references": [ { "url": "https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows" } ], "source": { "advisory": "ca8726", "discovery": "UNKNOWN" }, "title": "Local privilege escalation in ESET products for Windows", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "assignerShortName": "ESET", "cveId": "CVE-2024-7400", "datePublished": "2024-09-27T07:02:28.931Z", "dateReserved": "2024-08-02T07:12:41.358Z", "dateUpdated": "2024-09-27T18:54:39.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-11859 (GCVE-0-2024-11859)
Vulnerability from cvelistv5
Published
2025-04-07 08:08
Modified
2025-04-16 10:52
Severity: 8.4 HIGH (CVSS v4.0 base score from the CNA record below)
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
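DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. (Note: the CNA's CVSS v4.0 vector in the record below gives PR:L, which does not match the administrator-privilege precondition stated here; check the vendor advisory before using the score for prioritisation.)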
References
Impacted products
Vendor | Product | Version
---|---|---
ESET, spol. s r.o. | ESET NOD32 Antivirus | Version: 0 ≤ 18.0.12.0

Only the first affected product is shown in this table; the record below lists the others, and the version bounds differ per product.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-11859", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T16:33:40.931389Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T16:35:08.284Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "ESET NOD32 Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "18.0.12.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Internet Security", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "18.0.12.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Smart Security Premium", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "18.0.12.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Security Ultimate", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "18.0.12.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Endpoint Antivirus for Windows", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "12.0.2038.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "11.1.2053.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Endpoint Security for Windows", "vendor": "ESET, spol. 
s r.o.", "versions": [ { "lessThanOrEqual": "12.0.2038.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "11.1.2053.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Small Business Security", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "18.0.12.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Safe Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "18.0.12.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Server Security for Windows Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "11.1.12005.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Mail Security for Microsoft Exchange Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "11.1.10008.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "11.0.10008.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "10.1.10014.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Security for Microsoft SharePoint Server", "vendor": "ESET, spol. 
s r.o.", "versions": [ { "lessThanOrEqual": "11.1.15001.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "11.0.15004.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "10.0.15005.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2025-04-04T20:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code." } ], "value": "DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code." } ], "impacts": [ { "capecId": "CAPEC-471", "descriptions": [ { "lang": "en", "value": "CAPEC-471 Search Order Hijacking" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.4, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-16T10:52:29.591Z", "orgId": 
"4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET" }, "references": [ { "url": "https://support.eset.com/en/ca8810-dll-search-order-hijacking-vulnerability-in-eset-products-for-windows-fixed" } ], "source": { "advisory": "CA8810", "discovery": "UNKNOWN" }, "title": "DLL Search Order Hijacking in ESET products for Windows", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "assignerShortName": "ESET", "cveId": "CVE-2024-11859", "datePublished": "2025-04-07T08:08:22.127Z", "dateReserved": "2024-11-27T11:06:09.575Z", "dateUpdated": "2025-04-16T10:52:29.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-2003 (GCVE-0-2024-2003)
Vulnerability from cvelistv5
Published
2024-06-21 07:20
Modified
2024-08-01 18:56
Severity: 7.3 HIGH (CVSS v3.1 base score from the CNA record below)
CWE
- CWE-269 - Improper Privilege Management
Summary
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine.
References
URL | Tags
---|---
https://support.eset.com/ca8674 | x_transferred
Impacted products
Vendor | Product | Version
---|---|---
ESET, spol. s r.o. | ESET NOD32 Antivirus | Version: 0 < 1610 (Antivirus and antispyware scanner module)

Only the first affected product is shown in this table; the record below lists the others, each with the same scanner module version bound.
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:eset:safe_server:-:*:*:*:*:*:*:*", "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*", "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*", "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*", "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*", "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*", "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*", "cpe:2.3:a:eset:smart_security:-:*:*:*:business:*:*:*", "cpe:2.3:a:eset:security:-:*:*:*:ultimate:*:*:*", "cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*", "cpe:2.3:a:eset:nod32:-:-:*:*:*:*:*:*", "cpe:2.3:a:eset:internet_security:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "internet_security", "vendor": "eset", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2003", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-21T14:03:09.499428Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-21T14:18:48.023Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:56:22.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.eset.com/ca8674" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET NOD32 Antivirus", "vendor": "ESET, spol. 
s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET Internet Security", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET Smart Security Premium", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET Security Ultimate", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET Small Business Security", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET Safe Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET Endpoint Antivirus for Windows", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET Endpoint Security for Windows", "vendor": "ESET, spol. 
s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET Server Security for Windows Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET Mail Security for Microsoft Exchange Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET Mail Security for IBM Domino", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET Security for Microsoft SharePoint Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Antivirus and antispyware scanner module" ], "product": "ESET File Security for Microsoft Azure", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThan": "1610", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2024-06-20T10:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Local privilege escalation vulnerability allowed an attacker to misuse ESET\u0027s file operations during a restore operation from quarantine." } ], "value": "Local privilege escalation vulnerability allowed an attacker to misuse ESET\u0027s file operations during a restore operation from quarantine." 
} ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T07:20:03.749Z", "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET" }, "references": [ { "url": "https://support.eset.com/ca8674" } ], "source": { "discovery": "UNKNOWN" }, "title": "Local Privilege Escalation in Quarantine of ESET products for Windows", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "assignerShortName": "ESET", "cveId": "CVE-2024-2003", "datePublished": "2024-06-21T07:20:03.749Z", "dateReserved": "2024-02-29T10:37:14.649Z", "dateUpdated": "2024-08-01T18:56:22.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-0353 (GCVE-0-2024-0353)
Vulnerability from cvelistv5
Published
2024-02-15 07:40
Modified
2024-11-25 18:15
Severity: 7.8 HIGH (CVSS v3.1 base score from the CNA record below)
CWE
- CWE-269 - Improper Privilege Management
Summary
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
References
Impacted products
Vendor | Product | Version
---|---|---
ESET, spol. s r.o. | ESET NOD32 Antivirus | Version: 0 ≤ 16.2.15.0

Only the first affected product is shown in this table; the record below lists the others, and the version bounds differ per product.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-11-25T18:15:23.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html" }, { "url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html" }, { "tags": [ "x_transferred" ], "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } }, { "affected": [ { "cpes": [ "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nod32_antivirus", "vendor": "eset", "versions": [ { "lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "internet_security", "vendor": "eset", "versions": [ { "lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "smart_security_premium", "vendor": "eset", "versions": [ { "lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "security_ultimate", "vendor": "eset", "versions": [ { "lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*" ], "defaultStatus": "unknown", "product": "endpoint_antivirus", "vendor": "eset", "versions": [ { "lessThanOrEqual": "10.1.2058.0", "status": "affected", "version": "0", 
"versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*" ], "defaultStatus": "unknown", "product": "endpoint_security", "vendor": "eset", "versions": [ { "lessThanOrEqual": "10.1.2058.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*" ], "defaultStatus": "unknown", "product": "server_security", "vendor": "eset", "versions": [ { "lessThanOrEqual": "10.0.12014.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*" ], "defaultStatus": "unknown", "product": "mail_security", "vendor": "eset", "versions": [ { "lessThanOrEqual": "10.1.10010.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*" ], "defaultStatus": "unknown", "product": "mail_security", "vendor": "eset", "versions": [ { "lessThanOrEqual": "10.0.14006.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*" ], "defaultStatus": "unknown", "product": "security", "vendor": "eset", "versions": [ { "lessThanOrEqual": "10.0.15004.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*" ], "defaultStatus": "unknown", "product": "file_security", "vendor": "eset", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-0353", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-20T19:22:48.853538Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-20T19:53:00.534Z", "orgId": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "ESET NOD32 Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Internet Security", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Smart Security Premium", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Security Ultimate", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Endpoint Antivirus for Windows", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "10.1.2058.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "10.0.2049.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "9.1.2066.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "8.1.2052.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Endpoint Security for Windows", "vendor": "ESET, spol. 
s r.o.", "versions": [ { "lessThanOrEqual": "10.1.2058.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "10.0.2049.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "9.1.2066.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "8.1.2052.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Server Security for Windows Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "10.0.12014.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "9.0.12018.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "8.0.12015.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "7.3.12011.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Mail Security for Microsoft Exchange Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "10.1.10010.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "10.0.10017.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "9.0.10011.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "8.0.10022.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "7.3.10014.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Mail Security for IBM Domino", "vendor": "ESET, spol. 
s r.o.", "versions": [ { "lessThanOrEqual": "10.0.14006.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "9.0.14007.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "8.0.14010.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "7.3.14004.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET Security for Microsoft SharePoint Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "10.0.15004.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "9.0.15005.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "8.0.15011.0", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "7.3.15004.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ESET File Security for Microsoft Azure", "vendor": "ESET, spol. s r.o.", "versions": [ { "lessThanOrEqual": "all versions", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2024-02-14T11:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission." } ], "value": "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations to delete files without having proper permission." 
} ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-15T07:40:24.786Z", "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET" }, "references": [ { "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed" } ], "source": { "advisory": "ca8612", "discovery": "UNKNOWN" }, "title": "Local privilege escalation in Windows products", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "assignerShortName": "ESET", "cveId": "CVE-2024-0353", "datePublished": "2024-02-15T07:40:24.786Z", "dateReserved": "2024-01-09T14:21:58.755Z", "dateUpdated": "2024-11-25T18:15:23.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5594 (GCVE-0-2023-5594)
Vulnerability from cvelistv5
Published
2023-12-21 11:30
Modified
2024-08-02 08:07
CWE
- CWE-295 - Improper Certificate Validation
Summary
Improper validation of the server’s certificate chain in the secure traffic scanning feature caused an intermediate certificate signed using the MD5 or SHA1 algorithm to be considered trusted.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:07:32.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET NOD32 Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET Internet Security", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET Smart Security Premium", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET Security Ultimate", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET Endpoint Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET Endpoint Security", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET Endpoint Antivirus for Linux 10.0 and above", "vendor": "ESET, spol. 
s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET Server Security for Windows Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET Mail Security for Microsoft Exchange Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET Mail Security for IBM Domino", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET Security for Microsoft SharePoint Server", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET File Security for Microsoft Azure", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] }, { "defaultStatus": "unaffected", "modules": [ "Internet protection module" ], "product": "ESET Server Security for Linux 10.1 and above ", "vendor": "ESET, spol. s r.o.", "versions": [ { "status": "unaffected", "version": "1464" } ] } ], "datePublic": "2023-12-20T11:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper validation of the server\u2019s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted." } ], "value": "Improper validation of the server\u2019s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted." 
} ], "impacts": [ { "capecId": "CAPEC-94", "descriptions": [ { "lang": "en", "value": "CAPEC-94 Man in the Middle Attack" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-21T11:30:41.256Z", "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET" }, "references": [ { "url": "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed" } ], "source": { "advisory": "ca8562", "discovery": "UNKNOWN" }, "title": "Improper following of a certificate\u0027s chain of trust\u202fin ESET security products", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "assignerShortName": "ESET", "cveId": "CVE-2023-5594", "datePublished": "2023-12-21T11:30:41.256Z", "dateReserved": "2023-10-16T08:12:50.985Z", "dateUpdated": "2024-08-02T08:07:32.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }