CVE-2023-7043

Published: Jan 31, 2024Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.

Affected (6)

Products: Eset: Endpoint Antivirus, Endpoint Security, Internet Security, Mail Security, Nod32 Antivirus, Smart Security Premium

6 products

Smart Security Premium

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Eset Endpoint Antivirus	From 10.1.2046.0 to 11.0.2032.0
Eset Endpoint Security	From 10.1.2046.0 to 11.0.2032.0
Eset Internet Security	From 16.1.14.0 to 17.0.15.0
Eset Mail Security	Version 10.1.10012.0
Eset Nod32 Antivirus	From 16.1.14.0 to 17.0.15.0
Eset Smart Security Premium	From 16.1.14.0 to 17.0.15.0

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (2)

https://support.eset.com/en/ca8602

Source: security@eset.com

Vendor Advisory

https://support.eset.com/en/ca8602

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.