CVE-2022-27167

HIGH

Eset Endpoint Antivirus < 8.0.2053.0 - Improper Exception Handling

Title source: rule

Description

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.

References (1)

[Vendor Advisory] https://support.eset.com/en/ca8268

Scores

CVSS v3 7.1

EPSS 0.0003

EPSS Percentile 9.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-755 CWE-280

Status published

Affected Products (11)

eset/endpoint_antivirus < 8.0.2053.0

eset/endpoint_security < 8.0.2053.0

eset/file_security < 8.0.12013.0

eset/internet_security < 15.1.12.0

eset/mail_security < 8.0.10020.0

eset/mail_security < 8.0.14011.0

eset/nod32_antivirus < 15.1.12.0

eset/security < 8.0.15009.0

eset/server_security

eset/server_security < 9.0.12012.0

eset/smart_security < 15.1.12.0

Timeline

Published May 10, 2022

Tracked Since Feb 18, 2026