CVE-2016-9892
MEDIUM
ESET Endpoint Antivirus and Endpoint Security for macOS < 6.4.168.0 - Improper Certificate Validation
Title source: llmDescription
The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.
References (4)
Core References
Vendor Advisory x_refsource_confirm
http://support.eset.com/ca6333/
Exploit, Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Feb/68
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96462
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html
Scores
CVSS v3: 5.9
EPSS: 0.0166
EPSS Percentile: 73.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE: CWE-295
Status: published
Products (2)
eset/endpoint_antivirus: 6.3.70.1
eset/endpoint_security: 6.3.70.1
Published: Mar 02, 2017
Tracked Since: Feb 18, 2026