Lucene search

ESETCVE-2022-27167

HistoryMay 10, 2022 - 8:15 p.m.

CVE-2022-27167

2022-05-1020:15:09

CWE-755

CWE-280

ESET

web.nvd.nist.gov

cve-2022-27167

eset

windows

privilege escalation

vulnerability

arbitrary file deletion

nvd

security advisory

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit “Repair” and “Uninstall” features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.

Affected configurations

Nvd

Node

esetendpoint_antivirusRange6.0–8.0.2053.0windows

esetendpoint_antivirusRange8.1–8.1.2050.0windows

esetendpoint_antivirusRange9.0–9.0.2046.0windows

esetendpoint_securityRange6.0–8.0.2053.0windows

esetendpoint_securityRange8.1–8.1.2050.0windows

esetendpoint_securityRange9.0–9.0.2046.0windows

esetfile_securityRange6.0–8.0.12013.0windows_server

esetinternet_securityRange11.2–15.1.12.0windows

esetmail_securityRange6.0–8.0.10020.0exchange_server

esetmail_securityRange6.0–8.0.14011.0domino

esetnod32_antivirusRange11.2–15.1.12.0windows

esetsecurityRange6.0–8.0.15009.0sharepoint_server

esetserver_securityRange6.0≥azure

esetserver_securityRange8.0–9.0.12012.0windows_server

esetsmart_securityRange11.2–15.1.12.0premiumwindows

VendorProductVersionCPE
esetendpoint_antivirus*cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
esetendpoint_security*cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
esetfile_security*cpe:2.3:a:eset:file_security:*:*:*:*:*:windows_server:*:*
esetinternet_security*cpe:2.3:a:eset:internet_security:*:*:*:*:*:windows:*:*
esetmail_security*cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*
esetmail_security*cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*
esetnod32_antivirus*cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:windows:*:*
esetsecurity*cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*
esetserver_security*cpe:2.3:a:eset:server_security:*:*:*:*:*:azure:*:*
esetserver_security*cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*

Vendor	Product	Version	CPE
eset	endpoint_antivirus	*	cpe:2.3:a:eset:endpoint_antivirus::::::windows::*
eset	endpoint_security	*	cpe:2.3:a:eset:endpoint_security::::::windows::*
eset	file_security	*	cpe:2.3:a:eset:file_security::::::windows_server::*
eset	internet_security	*	cpe:2.3:a:eset:internet_security::::::windows::*
eset	mail_security	*	cpe:2.3:a:eset:mail_security::::::exchange_server::*
eset	mail_security	*	cpe:2.3:a:eset:mail_security::::::domino::*
eset	nod32_antivirus	*	cpe:2.3:a:eset:nod32_antivirus::::::windows::*
eset	security	*	cpe:2.3:a:eset:security::::::sharepoint_server::*
eset	server_security	*	cpe:2.3:a:eset:server_security::::::azure::*
eset	server_security	*	cpe:2.3:a:eset:server_security::::::windows_server::*

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "product": "ESET NOD32 Antivirus",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "lessThan": "15.1.12.0",
        "status": "affected",
        "version": "11.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ESET Internet Security",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "lessThan": "15.1.12.0",
        "status": "affected",
        "version": "11.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ESET Smart Security Premium",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "lessThan": "15.1.12.0",
        "status": "affected",
        "version": "11.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ESET Endpoint Antivirus",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "changes": [
          {
            "at": "8.1.2050.0",
            "status": "unaffected"
          },
          {
            "at": "8.0.2053.0",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.2046.0",
        "status": "affected",
        "version": "6.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ESET Endpoint Security",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "changes": [
          {
            "at": "8.1.2050.0",
            "status": "unaffected"
          },
          {
            "at": "8.0.2053.0",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.2046.0",
        "status": "affected",
        "version": "6.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ESET Server Security for Microsoft Windows Server",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "lessThan": "9.0.12012.0",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ESET File Security for Microsoft Windows Server",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "status": "affected",
        "version": "6.0 8.0.12013.0"
      }
    ]
  },
  {
    "product": "ESET Mail Security for Microsoft Exchange Server",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "lessThan": "8.0.10020.0",
        "status": "affected",
        "version": "6.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ESET Mail Security for IBM Domino",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "lessThan": "8.0.14011.0",
        "status": "affected",
        "version": "6.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ESET Security for Microsoft SharePoint Server",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "lessThan": "8.0.15009.0",
        "status": "affected",
        "version": "6.0",
        "versionType": "custom"
      }
    ]
  }
]

References

support.eset.com/en/ca8268

Social References

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2022-27167