Lucene search
ESETCVE-2023-7043HistoryJan 31, 2024 - 1:15 p.m.
CVE-2023-7043
2024-01-3113:15:10
CWE-428
ESET
web.nvd.nist.gov
23
cve-2023-7043
eset products
security vulnerability
unquoted service path
nt authority\networkservice permissions
nvd
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Unquoted service path in ESET products allows to
drop a prepared program to a specific location and run on boot with the
NT AUTHORITY\NetworkService permissions.
Affected configurations
Node
esetendpoint_antivirusRange10.1.2046.0–11.0.2032.0
OResetendpoint_securityRange10.1.2046.0–11.0.2032.0
OResetinternet_securityRange16.1.14.0–17.0.15.0
OResetmail_securityMatch10.1.10012.0exchange_server
OResetnod32_antivirusRange16.1.14.0–17.0.15.0
OResetsmart_security_premiumRange16.1.14.0–17.0.15.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| eset | endpoint_antivirus | * | cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:*:*:* |
| eset | endpoint_security | * | cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:*:*:* |
| eset | internet_security | * | cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:* |
| eset | mail_security | 10.1.10012.0 | cpe:2.3:a:eset:mail_security:10.1.10012.0:*:*:*:*:exchange_server:*:* |
| eset | nod32_antivirus | * | cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:* |
| eset | smart_security_premium | * | cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "ESET Endpoint Security",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "10.1.2063.x",
"status": "affected",
"version": "10.1.2046.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Endpoint Antivirus",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "10.1.2063.x",
"status": "affected",
"version": "10.1.2046.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET NOD32 Antivirus",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "16.2.15.0",
"status": "affected",
"version": "16.1.14.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Internet Security",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "16.2.15.0",
"status": "affected",
"version": "16.1.14.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Smart Security Premium",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"lessThanOrEqual": "16.2.15.0",
"status": "affected",
"version": "16.1.14.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Mail Security for Microsoft Exchange Server",
"vendor": "ESET, spol. s r.o.",
"versions": [
{
"status": "affected",
"version": "10.1.10012.0"
}
]
}
]References
Related
nvd
nvd
CVE-2023-7043
2024-01-31 13:15:10
cvelist
cvelist
prion
prion
Design/Logic Flaw
2024-01-31 13:15:00
openvas
openvas
Microsoft Windows Unquoted Path Vulnerability (SMB Login)
2018-03-23 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2023-7043