Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Eset
  • Endpoint Antivirus
  • Endpoint Security
  • File Security
  • Internet Security
  • Mail Security
  • Nod32 Antivirus
  • Security
  • Security Ultimate
  • Server Security
  • Smart Security
  • Smart Security Premium

Configuration 1 [-]

OR cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:file_security:*:*:*:*:*:azure:*:*
cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*
cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*
cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*
cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*
cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*
cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*
cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*
cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*
cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*
cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*
cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*
cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*
cpe:2.3:a:eset:security:*:*:*:*:ultimate:*:*:*
cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*
cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*
cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*
cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*
cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*
cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*
cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*
cpe:2.3:a:eset:smart_security:*:*:*:*:premium:*:*:*

No data.

References
Link Providers
https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html cve-icon
https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html cve-icon
https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed cve-icon cve-icon
https://www.exploit-db.com/exploits/51351 cve-icon
https://www.exploit-db.com/exploits/51964 cve-icon
History

Wed, 10 Dec 2025 20:30:00 +0000

Type Values Removed Values Added
References

Wed, 10 Dec 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Eset security Ultimate
Eset smart Security Premium
CPEs cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*
cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*
cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*
cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*
cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*
cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*
cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*
cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*
cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*
Vendors & Products Eset security Ultimate
Eset smart Security Premium
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Jan 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Eset
Eset endpoint Antivirus
Eset endpoint Security
Eset file Security
Eset internet Security
Eset mail Security
Eset nod32 Antivirus
Eset security
Eset server Security
Eset smart Security
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*
cpe:2.3:a:eset:file_security:*:*:*:*:*:azure:*:*
cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*
cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*
cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*
cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*
cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*
cpe:2.3:a:eset:security:*:*:*:*:ultimate:*:*:*
cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*
cpe:2.3:a:eset:smart_security:*:*:*:*:premium:*:*:*
Vendors & Products Eset
Eset endpoint Antivirus
Eset endpoint Security
Eset file Security
Eset internet Security
Eset mail Security
Eset nod32 Antivirus
Eset security
Eset server Security
Eset smart Security

Mon, 25 Nov 2024 19:30:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: ESET

Published: 2024-02-15T07:40:24.786Z

Updated: 2025-12-10T19:33:58.732Z

Reserved: 2024-01-09T14:21:58.755Z

Link: CVE-2024-0353

cve-icon Vulnrichment

Updated: 2025-12-10T19:33:58.732Z

cve-icon NVD

Status : Modified

Published: 2024-02-15T08:15:46.023

Modified: 2025-12-10T20:16:20.467

Link: CVE-2024-0353

cve-icon Redhat

No data.