Overslaan naar hoofdinhoud

Local privilege escalation vulnerability in ESET products for Linux and macOS fixed - Nieuws / Customer Advisories - ESET Tech Center

jun 16 2023

Local privilege escalation vulnerability in ESET products for Linux and macOS fixed

Lijst van auteurs

Summary

ESET internally discovered a vulnerability in its Linux and macOS products. Fixed product versions are available to download, and we recommend upgrading or scheduling upgrades for them.

Solution

ESET prepared fixed builds of its consumer, business and server products. The fixed builds are available in the Download section of www.eset.com or via ESET Repository.


This issue is resolved in the following builds:

  • ESET Server Security for Linux 9.1.98.0, 9.0.466.0, 8.1.823.0 and later from the respective version family

  • ESET Endpoint Antivirus for Linux 9.1.11.0, 9.0.10.0 and 8.1.12.0 and later from the respective version family

  • ESET Cyber Security 7.3.3700.0 and later

  • ESET Endpoint Antivirus for macOS 7.3.3600.0 and later

Affected Programs and Versions

  • ESET Server Security for Linux 9.1.96.0, 9.0.464.0, 8.1.820.0 and earlier from the respective version family

  • ESET Endpoint Antivirus for Linux 9.1.4.0, 9.0.5.0, 8.1.7.0 and earlier from the respective version family

  • ESET Cyber Security from version 7.3 to 7.3.2100.0

  • ESET Endpoint Antivirus for macOS from version 7.0 to 7.2.1600.0

Details

During an internal security analysis, a local privilege escalation vulnerability was identified. On a machine with the affected ESET product installed, a user with lower privileges could trigger actions with root privileges.

ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.

The reserved CVE ID for this vulnerability is CVE-2023-2847. ESET evaluated the severity of this vulnerability as High, and the CVSS v3.1 base score is 7.8 with the following vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.

To our best knowledge, no existing exploits take advantage of this vulnerability in the wild.

Feedback & Support

If you have feedback or questions about this issue, please contact us via the ESET Security Forum or local ESET Technical Support.

Reporting security vulnerabilities to ESET

ESET welcomes reports of security vulnerabilities in its products. See http://www.eset.com/int/security-vulnerability-reporting/

Reactie toevoegen

Log in of registreer om een reactie te plaatsen.

Heeft u een wachtwoordherinnering nodig?