Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-2847: [CA8447] Customer Advisory: Local privilege escalation vulnerability in ESET products for Linux and macOS fixed

During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges.

ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.

CVE
Open in Source
#vulnerability#mac#linux

ESET Customer Advisory 2023-0005
June 14, 2023
Severity: High

Summary

ESET internally discovered a vulnerability in its Linux and macOS products. Fixed product versions are available to download, and we recommend upgrading or scheduling upgrades for them.

Solution

ESET prepared fixed builds of its consumer, business and server products. The fixed builds are available in the Download section of www.eset.com or via ESET Repository.

This issue is resolved in the following builds:

  • ESET Server Security for Linux 9.1.98.0, 9.0.466.0, 8.1.823.0 and later from the respective version family
  • ESET Endpoint Antivirus for Linux 9.1.11.0, 9.0.10.0 and 8.1.12.0 and later from the respective version family
  • ESET Cyber Security 7.3.3700.0 and later
  • ESET Endpoint Antivirus for macOS 7.3.3600.0 and later

Affected Programs and Versions

  • ESET Server Security for Linux 9.1.96.0, 9.0.464.0, 8.1.820.0 and earlier from the respective version family
  • ESET Endpoint Antivirus for Linux 9.1.4.0, 9.0.5.0, 8.1.7.0 and earlier from the respective version family
  • ESET Cyber Security from version 7.3 to 7.3.2100.0
  • ESET Endpoint Antivirus for macOS from version 7.0 to 7.2.1600.0

Details

During an internal security analysis, a local privilege escalation vulnerability was identified. On a machine with the affected ESET product installed, a user with lower privileges could trigger actions with root privileges.

ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.

The reserved CVE ID for this vulnerability is CVE-2023-2847. ESET evaluated the severity of this vulnerability as High, and the CVSS v3.1 base score is 7.8 with the following vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.

To our best knowledge, no existing exploits take advantage of this vulnerability in the wild.

Feedback & Support

If you have feedback or questions about this issue, please contact us via the ESET Security Forum or local ESET Technical Support.

Reporting security vulnerabilities to ESET

ESET welcomes reports of security vulnerabilities in its products. See http://www.eset.com/int/security-vulnerability-reporting/

Version Log

  • Version 1.0 (June 14, 2023): Initial version of this document

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE