CVE-2023-2847

HIGH

ESET Cyber Security/Endpoint Antivirus/Server Security <8.1.12.0 - Local Privilege Escalation

Title source: llm

Description

During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://support.eset.com/en/ca8447

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (4)

eset/cyber_security 7.3.0 - 7.3.3700.0

eset/endpoint_antivirus < 8.1.12.0

eset/endpoint_antivirus 7.0.0 - 7.3.3600.0

eset/server_security < 8.1.823.0

Published Jun 15, 2023

Tracked Since Feb 18, 2026