Strix
26.1K

CVE-2020-26941

MEDIUMCVSS 5.5/10EPSS 0.33%

Last modified

CVE-2020-26941 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. EPSS estimates a 0.33% chance of exploitation in the next 30 days.

Description

A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower.

Metrics

CVSS 3.1
5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
0.33%

25.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
EsetEndpoint Antivirus<= 7.3
EsetEndpoint Security<= 7.3
EsetFile Security<= 7.2
EsetInternet Security<= 13.2
EsetInternet Security1294
EsetMail Security<= 7.2
EsetNod32 Antivirus<= 7.3
EsetNod32 Antivirus<= 13.2
EsetSecurity<= 7.2
EsetSmart Security<= 7.3
EsetSmart Security<= 13.2

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-26941?
A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower.
How severe is CVE-2020-26941?
CVE-2020-26941 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.33% probability of exploitation in the next 30 days.
How do I fix CVE-2020-26941?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-26941?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST