Vulnerabilites related to eset - cyber_security
CVE-2020-10180 (GCVE-0-2020-10180)
Vulnerability from cvelistv5
Published
2020-03-05 18:44
Modified
2024-08-04 10:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-05T18:44:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html",
"refsource": "MISC",
"url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10180",
"datePublished": "2020-03-05T18:44:58",
"dateReserved": "2020-03-05T00:00:00",
"dateUpdated": "2024-08-04T10:50:57.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9264 (GCVE-0-2020-9264)
Vulnerability from cvelistv5
Published
2020-02-18 14:56
Modified
2024-08-04 10:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:14.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.eset.com/en/ca7387-modules-review-december-2019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
},
{
"name": "20200218 Re: [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-18T18:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.eset.com/en/ca7387-modules-review-december-2019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
},
{
"name": "20200218 Re: [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.eset.com/en/ca7387-modules-review-december-2019",
"refsource": "MISC",
"url": "https://support.eset.com/en/ca7387-modules-review-december-2019"
},
{
"name": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html",
"refsource": "MISC",
"url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
},
{
"name": "20200218 Re: [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Feb/21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9264",
"datePublished": "2020-02-18T14:56:52",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:26:14.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2847 (GCVE-0-2023-2847)
Vulnerability from cvelistv5
Published
2023-06-15 07:46
Modified
2024-12-12 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges.
ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | ESET | Server Security for Linux | ||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.eset.com/en/ca8447"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T16:38:10.347865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T16:38:25.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Server Security for Linux",
"vendor": "ESET",
"versions": [
{
"status": "unaffected",
"version": "9.1.98.0"
},
{
"status": "unaffected",
"version": "9.0.466.0"
},
{
"status": "unaffected",
"version": "8.1.823.0"
}
]
},
{
"defaultStatus": "affected",
"product": "Endpoint Antivirus for Linux",
"vendor": "ESET",
"versions": [
{
"status": "unaffected",
"version": "9.1.11.0"
},
{
"status": "unaffected",
"version": "9.0.10.0"
},
{
"status": "unaffected",
"version": "8.1.12.0"
}
]
},
{
"defaultStatus": "affected",
"product": "Cyber Security",
"vendor": "ESET ",
"versions": [
{
"status": "unaffected",
"version": "7.3.3700.0"
}
]
},
{
"defaultStatus": "affected",
"product": "Endpoint Antivirus for macOS",
"vendor": "ESET ",
"versions": [
{
"status": "unaffected",
"version": "7.3.3600.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eDuring internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges.\u003c/p\u003e\u003cp\u003eESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.\u003c/p\u003e\n\n"
}
],
"value": "\nDuring internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges.\n\nESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T07:46:47.134Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.eset.com/en/ca8447"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Local privilege escalation in ESET products for Linux and MacOS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2023-2847",
"datePublished": "2023-06-15T07:46:47.134Z",
"dateReserved": "2023-05-23T07:26:04.714Z",
"dateUpdated": "2024-12-12T16:38:25.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37850 (GCVE-0-2021-37850)
Vulnerability from cvelistv5
Published
2021-11-08 13:35
Modified
2024-08-04 01:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial Of Service
Summary
ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | ESET, spol. s r.o. | ESET Cyber Security |
Version: unspecified < |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.eset.com/en/ca8151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESET Cyber Security",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "6.10.700",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ESET Cyber Security Pro",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThan": "6.10.700",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ESET Endpoint Antivirus for macOS",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThan": "6.10.910.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ESET Endpoint Security for macOS",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThan": "6.10.910.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to Teiei Shu (\u5ef7\u53e1 \u5468) who reported this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial Of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T13:35:49",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.eset.com/en/ca8151"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of service in ESET for Mac products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eset.com",
"ID": "CVE-2021-37850",
"STATE": "PUBLIC",
"TITLE": "Denial of service in ESET for Mac products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESET Cyber Security",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.10.700"
}
]
}
},
{
"product_name": "ESET Cyber Security Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.10.700"
}
]
}
},
{
"product_name": "ESET Endpoint Antivirus for macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.10.910.0"
}
]
}
},
{
"product_name": "ESET Endpoint Security for macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.10.910.0"
}
]
}
}
]
},
"vendor_name": "ESET, spol. s r.o."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to Teiei Shu (\u5ef7\u53e1 \u5468) who reported this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial Of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.eset.com/en/ca8151",
"refsource": "MISC",
"url": "https://support.eset.com/en/ca8151"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2021-37850",
"datePublished": "2021-11-08T13:35:49",
"dateReserved": "2021-08-02T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10193 (GCVE-0-2020-10193)
Vulnerability from cvelistv5
Published
2020-03-06 19:26
Modified
2024-08-04 10:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-06T19:26:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html",
"refsource": "MISC",
"url": "https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10193",
"datePublished": "2020-03-06T19:26:05",
"dateReserved": "2020-03-06T00:00:00",
"dateUpdated": "2024-08-04T10:58:39.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17549 (GCVE-0-2019-17549)
Vulnerability from cvelistv5
Published
2020-03-03 14:25
Modified
2024-08-05 01:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:15.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-03T14:25:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
],
"x_ConverterErrors": {
"cvssV3_0": {
"error": "CVSSV3_0 data from v4 record is invalid",
"message": "Malformed CVSS3 vector \"CVSS:3.0\" is missing mandatory prefix or uses unsupported CVSS version"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://danishcyberdefence.dk/blog/esets-cyber-security",
"refsource": "MISC",
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17549",
"datePublished": "2020-03-03T14:25:02",
"dateReserved": "2019-10-14T00:00:00",
"dateUpdated": "2024-08-05T01:40:15.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16519 (GCVE-0-2019-16519)
Vulnerability from cvelistv5
Published
2019-10-14 15:31
Modified
2024-08-05 01:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:40.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.eset.com/ca7317/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-03T19:32:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.eset.com/ca7317/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
],
"x_ConverterErrors": {
"cvssV3_0": {
"error": "CVSSV3_0 data from v4 record is invalid",
"message": "Malformed CVSS3 vector \"CVSS:3.0\" is missing mandatory prefix or uses unsupported CVSS version"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.eset.com/ca7317/",
"refsource": "CONFIRM",
"url": "http://support.eset.com/ca7317/"
},
{
"name": "https://danishcyberdefence.dk/blog/esets-cyber-security",
"refsource": "MISC",
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16519",
"datePublished": "2019-10-14T15:31:32",
"dateReserved": "2019-09-19T00:00:00",
"dateUpdated": "2024-08-05T01:17:40.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19792 (GCVE-0-2019-19792)
Vulnerability from cvelistv5
Published
2020-03-03 14:32
Modified
2024-08-05 02:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:L/A:L/C:L/I:L/PR:H/S:C/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-03T14:32:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:L/A:L/C:L/I:L/PR:H/S:C/UI:R",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://danishcyberdefence.dk/blog/esets-cyber-security",
"refsource": "MISC",
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19792",
"datePublished": "2020-03-03T14:32:48",
"dateReserved": "2019-12-13T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-03-03 15:15
Modified
2024-11-21 04:32
Severity ?
Summary
ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://danishcyberdefence.dk/blog/esets-cyber-security | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://danishcyberdefence.dk/blog/esets-cyber-security | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eset | cyber_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:-:macos:*:*",
"matchCriteriaId": "03F09CFE-3B99-4642-8011-EBDB60CBC48B",
"versionEndExcluding": "6.8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack."
},
{
"lang": "es",
"value": "ESET Cyber Security versiones anteriores a 6.8.1.0, es vulnerable a una denegaci\u00f3n de servicio permitiendo a cualquier usuario detener (eliminar) los procesos de ESET. Un atacante puede abusar de este fallo para detener la protecci\u00f3n de ESET e iniciar su ataque."
}
],
"id": "CVE-2019-17549",
"lastModified": "2024-11-21T04:32:30.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-03T15:15:11.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-05 19:15
Modified
2024-11-21 04:54
Severity ?
Summary
The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eset | cyber_security | * | |
| eset | cyber_security | * | |
| eset | mobile_security | * | |
| eset | nod32_antivirus | * | |
| eset | nod32_antivirus | 4 | |
| eset | smart_security | * | |
| eset | smart_security | * | |
| eset | smart_tv_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "873A6C9F-D339-492F-9234-727BD59D49AE",
"versionEndExcluding": "1294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:pro:macos:*:*",
"matchCriteriaId": "F948F4A7-7F14-457F-B7F1-C11CCF21442B",
"versionEndExcluding": "1294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:mobile_security:*:*:*:*:*:android:*:*",
"matchCriteriaId": "46BEDBE3-DB0E-4BFE-984F-DA9C1E7ECCB7",
"versionEndExcluding": "1294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBB2951-7954-4F12-954F-835FF21487B3",
"versionEndExcluding": "1294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:4:*:*:*:*:linux:*:*",
"matchCriteriaId": "BCB077E5-6496-4FA9-A552-692A18B04287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:smart_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20D1C7D8-52FB-4DDD-9EA3-81D4452C7947",
"versionEndExcluding": "1294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:smart_security:*:*:*:*:premium:*:*:*",
"matchCriteriaId": "C5D4AC1D-31F1-40A5-82AB-2250F7667553",
"versionEndExcluding": "1294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:smart_tv_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14871E5E-3939-421B-837F-BE9CF1416687",
"versionEndExcluding": "1294",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop."
},
{
"lang": "es",
"value": "El motor de an\u00e1lisis de ESET AV, permite omitir la detecci\u00f3n de virus por medio de un campo BZ2 Checksum dise\u00f1ado en un archivo. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security y NOD32 Antivirus 4 para Linux Desktop."
}
],
"id": "CVE-2020-10180",
"lastModified": "2024-11-21T04:54:55.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-05T19:15:11.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-436"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-14 16:15
Modified
2024-11-21 04:30
Severity ?
Summary
ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eset | cyber_security | * | |
| eset | cyber_security | * | |
| eset | endpoint_antivirus | * | |
| eset | endpoint_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:-:macos:*:*",
"matchCriteriaId": "DDB489CA-92BC-4B7B-B1C7-E2403479D96D",
"versionEndIncluding": "6.7.900.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:pro:macos:*:*",
"matchCriteriaId": "5E930B7D-13D6-47C0-9A1E-88412273D6DA",
"versionEndIncluding": "6.7.900.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:-:macos:*:*",
"matchCriteriaId": "98E45628-B484-4B81-B049-0D1654603E98",
"versionEndIncluding": "6.7.900.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:-:macos:*:*",
"matchCriteriaId": "9D3AA656-207C-4A0F-88DD-DB6C5692FDD3",
"versionEndIncluding": "6.7.900.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks."
},
{
"lang": "es",
"value": "ESET Cyber ??Security 6.7.900.0 para macOS permite a un atacante local ejecutar comandos no autorizados como root al abusar de una funci\u00f3n no documentada en las tareas programadas."
}
],
"id": "CVE-2019-16519",
"lastModified": "2024-11-21T04:30:45.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-14T16:15:10.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.eset.com/ca7317/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.eset.com/ca7317/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-06 20:15
Modified
2024-11-21 04:54
Severity ?
Summary
ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eset | cyber_security | * | |
| eset | internet_security | * | |
| eset | mobile_security | * | |
| eset | mobile_security | 1294 | |
| eset | nod32_antivirus | * | |
| eset | nod32_antivirus | * | |
| eset | smart_security | * | |
| eset | smart_tv_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "873A6C9F-D339-492F-9234-727BD59D49AE",
"versionEndExcluding": "1294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9001E431-4FF0-4C27-919F-FE8D0BD9E5DC",
"versionEndExcluding": "1294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:mobile_security:*:*:*:*:*:android:*:*",
"matchCriteriaId": "46BEDBE3-DB0E-4BFE-984F-DA9C1E7ECCB7",
"versionEndExcluding": "1294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:mobile_security:1294:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6657C0-35FB-4FF4-9FD6-2BF830F7525C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "B0A0FE2F-0948-44AC-AA2E-D7861FA14B50",
"versionEndExcluding": "4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBB2951-7954-4F12-954F-835FF21487B3",
"versionEndExcluding": "1294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:smart_security:*:*:*:*:premium:*:*:*",
"matchCriteriaId": "C5D4AC1D-31F1-40A5-82AB-2250F7667553",
"versionEndExcluding": "1294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:smart_tv_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14871E5E-3939-421B-837F-BE9CF1416687",
"versionEndExcluding": "1294",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop."
},
{
"lang": "es",
"value": "ESET Archive Support Module versiones anteriores a 1294, permite una omisi\u00f3n de detecci\u00f3n de virus por medio de una Informaci\u00f3n de Compresi\u00f3n RAR en un archivo. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security para Android, Smart TV Security, y NOD32 Antivirus 4 para Linux Desktop."
}
],
"id": "CVE-2020-10193",
"lastModified": "2024-11-21T04:54:56.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-06T20:15:12.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-436"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-15 08:15
Modified
2024-11-21 07:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges.
ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@eset.com | https://support.eset.com/en/ca8447 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.eset.com/en/ca8447 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eset | cyber_security | * | |
| eset | endpoint_antivirus | * | |
| eset | endpoint_antivirus | * | |
| eset | endpoint_antivirus | * | |
| eset | endpoint_antivirus | * | |
| eset | server_security | * | |
| eset | server_security | * | |
| eset | server_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98364EAC-A092-43AD-9E40-07461C2C88CC",
"versionEndExcluding": "7.3.3700.0",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "3790FBC6-9B62-4793-B247-8A5EC1E3A44C",
"versionEndExcluding": "8.1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0F0477F7-831B-43E7-BC10-F4271394A1AE",
"versionEndExcluding": "7.3.3600.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "654CCEB1-6BAC-41E3-85AD-A1FA17BD194D",
"versionEndExcluding": "9.0.10.0",
"versionStartIncluding": "9.0.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "4223FD72-EA39-4656-B268-FF23319F55E1",
"versionEndExcluding": "9.1.11.0",
"versionStartIncluding": "9.1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "BF425CAB-6E2E-4D3F-B4BC-951D58D16A5B",
"versionEndExcluding": "8.1.823.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "E3BC0EF1-1CA5-4071-8D8E-259D49868EDE",
"versionEndExcluding": "9.0.466.0",
"versionStartIncluding": "9.0.464.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "6A51D2FC-FD35-45B9-B293-2663EE84380F",
"versionEndExcluding": "9.1.98.0",
"versionStartIncluding": "9.1.96.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nDuring internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges.\n\nESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.\n\n\n\n"
}
],
"id": "CVE-2023-2847",
"lastModified": "2024-11-21T07:59:24.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "security@eset.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-15T08:15:09.150",
"references": [
{
"source": "security@eset.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.eset.com/en/ca8447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.eset.com/en/ca8447"
}
],
"sourceIdentifier": "security@eset.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@eset.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-18 15:15
Modified
2024-11-21 05:40
Severity ?
Summary
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Feb/21 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html | Third Party Advisory | |
| cve@mitre.org | https://support.eset.com/en/ca7387-modules-review-december-2019 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Feb/21 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.eset.com/en/ca7387-modules-review-december-2019 | Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eset | cyber_security | * | |
| eset | cyber_security | * | |
| eset | internet_security | * | |
| eset | mobile_security | * | |
| eset | nod32_antivirus | * | |
| eset | nod32_antivirus | 4 | |
| eset | smart_security | * | |
| eset | smart_tv_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "5371D3C6-AB34-4535-BB2D-767EF3D74B8D",
"versionEndExcluding": "1296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:pro:macos:*:*",
"matchCriteriaId": "6AB0EFCD-D718-422C-964E-8B87DD7ED448",
"versionEndExcluding": "1296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6FA874-7D7F-4E56-9472-47A576F5E720",
"versionEndExcluding": "1296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:mobile_security:*:*:*:*:*:android:*:*",
"matchCriteriaId": "77734CD3-BE20-47C8-B2A5-86FEED181E79",
"versionEndExcluding": "1296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7537106-687B-4026-A4B6-AE9307FB2440",
"versionEndExcluding": "1296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:4:*:*:*:*:linux:*:*",
"matchCriteriaId": "BCB077E5-6496-4FA9-A552-692A18B04287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:smart_security:*:*:*:*:premium:*:*:*",
"matchCriteriaId": "3A4983DD-34FC-4A06-A875-AFD11C48DC94",
"versionEndExcluding": "1296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:smart_tv_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E99AF2-4ADD-4295-8D01-8AB2C998FD4C",
"versionEndExcluding": "1296",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop."
},
{
"lang": "es",
"value": "ESET Archive Support Module versiones anteriores a 1296, permite omitir la detecci\u00f3n de virus por medio de un Compression Information Field dise\u00f1ado en un archivo ZIP. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security para Android, Smart TV Security y NOD32 Antivirus 4 para Linux Desktop."
}
],
"id": "CVE-2020-9264",
"lastModified": "2024-11-21T05:40:18.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-18T15:15:12.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/21"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://support.eset.com/en/ca7387-modules-review-december-2019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://support.eset.com/en/ca7387-modules-review-december-2019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-436"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-03 15:15
Modified
2024-11-21 04:35
Severity ?
Summary
A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://danishcyberdefence.dk/blog/esets-cyber-security | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://danishcyberdefence.dk/blog/esets-cyber-security | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eset | cyber_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:-:macos:*:*",
"matchCriteriaId": "BF5E4474-5346-4B86-A24C-44A064C0A87B",
"versionEndExcluding": "6.8.300.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files."
},
{
"lang": "es",
"value": "Un problema de permisos en ESET Cyber Security versiones anteriores a 6.8.300.0 para macOS, permite a un atacante local escalar privilegios al a\u00f1adir datos en archivos propiedad de root."
}
],
"id": "CVE-2019-19792",
"lastModified": "2024-11-21T04:35:23.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.1,
"impactScore": 3.7,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-03T15:15:11.790",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://danishcyberdefence.dk/blog/esets-cyber-security"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-08 14:15
Modified
2024-11-21 06:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@eset.com | https://support.eset.com/en/ca8151 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.eset.com/en/ca8151 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eset | cyber_security | * | |
| eset | cyber_security | * | |
| eset | endpoint_antivirus | * | |
| eset | endpoint_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:-:macos:*:*",
"matchCriteriaId": "47B7D44D-DB8F-4C1F-A13B-0DB9B1A2E17D",
"versionEndIncluding": "6.10.700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:pro:macos:*:*",
"matchCriteriaId": "3F714A0A-410A-4531-966E-4443585E6577",
"versionEndIncluding": "6.10.700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:-:macos:*:*",
"matchCriteriaId": "DB9F6E12-07C5-4D10-94ED-7F9B2900F8AA",
"versionEndIncluding": "6.10.910.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:-:macos:*:*",
"matchCriteriaId": "B5C5CD3B-1CEA-4E53-ABA5-C53F6F2ACABB",
"versionEndIncluding": "6.10.910.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot."
},
{
"lang": "es",
"value": "ESET se dio cuenta de una vulnerabilidad en sus productos de consumo y empresariales para macOS que permite a un usuario conectado al sistema detener el demonio de ESET, deshabilitando efectivamente la protecci\u00f3n del producto de seguridad de ESET hasta un reinicio del sistema"
}
],
"id": "CVE-2021-37850",
"lastModified": "2024-11-21T06:15:58.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security@eset.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-08T14:15:08.037",
"references": [
{
"source": "security@eset.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.eset.com/en/ca8151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.eset.com/en/ca8151"
}
],
"sourceIdentifier": "security@eset.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}