ESET internally discovered a vulnerability in its Linux and macOS products. Fixed product versions are available to download, and we recommend upgrading or scheduling upgrades for them.
ESET prepared fixed builds of its consumer, business and server products. The fixed builds are available in the Download section of www.eset.com or via ESET Repository.
This issue is resolved in the following builds:
ESET Server Security for Linux 188.8.131.52, 9.0.466.0, 8.1.823.0 and later from the respective version family
ESET Endpoint Antivirus for Linux 184.108.40.206, 220.127.116.11 and 18.104.22.168 and later from the respective version family
ESET Cyber Security 7.3.3700.0 and later
ESET Endpoint Antivirus for macOS 7.3.3600.0 and later
Affected Programs and Versions
ESET Server Security for Linux 22.214.171.124, 9.0.464.0, 8.1.820.0 and earlier from the respective version family
ESET Endpoint Antivirus for Linux 126.96.36.199, 188.8.131.52, 184.108.40.206 and earlier from the respective version family
ESET Cyber Security from version 7.3 to 7.3.2100.0
ESET Endpoint Antivirus for macOS from version 7.0 to 7.2.1600.0
During an internal security analysis, a local privilege escalation vulnerability was identified. On a machine with the affected ESET product installed, a user with lower privileges could trigger actions with root privileges.
ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.
The reserved CVE ID for this vulnerability is CVE-2023-2847. ESET evaluated the severity of this vulnerability as High, and the CVSS v3.1 base score is 7.8 with the following vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.
To our best knowledge, no existing exploits take advantage of this vulnerability in the wild.
Feedback & Support
Reporting security vulnerabilities to ESET
ESET welcomes reports of security vulnerabilities in its products. See http://www.eset.com/int/security-vulnerability-reporting/