CVE-2024-0353

HIGH

Eset Endpoint Antivirus < 8.1.2062.0 - Improper Privilege Management

Title source: rule

Description

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Exploits (2)

exploitdb WRITEUP

by Milad karimi · textlocalwindows

https://www.exploit-db.com/exploits/51964

View Code ZIP pw:eip

exploitdb WRITEUP

by Milad karimi · textlocalwindows

https://www.exploit-db.com/exploits/51351

View Code ZIP pw:eip

References (5)

[Vendor Advisory] https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed

[Broken Link] https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html

[Broken Link] https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51351

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51964

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 18.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (11)

eset/endpoint_antivirus < 8.1.2062.0

eset/endpoint_security < 8.1.2062.0

eset/file_security

eset/internet_security < 17.0.10.0

eset/mail_security < 7.3.10018.0

eset/mail_security < 7.3.14006.0

eset/nod32_antivirus < 17.0.10.0

eset/security < 17.0.10.0

eset/security < 7.3.15006.0

eset/server_security < 7.3.12013.0

... and 1 more

Published Feb 15, 2024

Tracked Since Feb 18, 2026