Main Vulnerability Database SB2024022035

SB2024022035 - Link following in ESET products for Windows

Published: February 20, 2024

Security Bulletin ID SB2024022035

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Link following (CVE-ID: CVE-2024-0353)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a link following issue within the ESET Service. A local user can abuse the service to delete a file, which leads to security restrictions bypass and privilege escalation.

Remediation

Install update from vendor's website.

References

Vulnerable Software

ESET NOD32 Antivirus: 16.2.15.0 and previous versions
ESET Internet Security: 16.2.15.0 and previous versions
ESET Smart Security Premium: 16.2.15.0 and previous versions
ESET Security Ultimate: 16.2.15.0 and previous versions
ESET Endpoint Antivirus for Windows: 8.1.2052.0,9.1.2066.0,10.0.2049.0,10.1.2058.0 and previous versions
ESET Endpoint Security for Windows: 8.1.2052.0,9.1.2066.0,10.0.2049.0,10.1.2058.0 and previous versions
ESET File Security for Microsoft Windows Server: 7.3.12011.0,8.0.12015.0,9.0.12018.0,10.0.12014.0 and previous versions
ESET Mail Security for Microsoft Exchange Server: 7.3.10014.0,8.0.10022.0,9.0.10011.0,10.0.10017.0,10.1.10010.0 and previous versions
ESET Mail Security for IBM Domino: 7.3.14004.0,8.0.14010.0,9.0.14007.0,10.0.14006.0 and previous versions
ESET Security for Microsoft SharePoint Server: 7.3.15004.0,8.0.15011.0,9.0.15005.0,10.0.15004.0 and previous versions
ESET File Security for Microsoft Azure: All versions