CVE-2023-2847
Last modified
CVE-2023-2847 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. . EPSS estimates a 0.15% chance of exploitation in the next 30 days.
Description
During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Eset | Cyber Security | >= 7.3.0, < 7.3.3700.0 |
| Eset | Endpoint Antivirus | < 8.1.12.0 |
| Eset | Endpoint Antivirus | >= 7.0.0, < 7.3.3600.0 |
| Eset | Endpoint Antivirus | >= 9.0.5.0, < 9.0.10.0 |
| Eset | Endpoint Antivirus | >= 9.1.4.0, < 9.1.11.0 |
| Eset | Server Security | < 8.1.823.0 |
| Eset | Server Security | >= 9.0.464.0, < 9.0.466.0 |
| Eset | Server Security | >= 9.1.96.0, < 9.1.98.0 |
References
- https://support.eset.com/en/ca8447Vendor Advisory
- https://support.eset.com/en/ca8447Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-2847?
How severe is CVE-2023-2847?
How do I fix CVE-2023-2847?
Are you affected by CVE-2023-2847?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST