CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2022-27167 – Arbitrary File Deletion in ESET products for Windows
https://notcve.org/view.php?id=CVE-2022-27167
10 May 2022 — Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. • https://support.eset.com/en/ca8268 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2021-37852 – LPE in ESET products for Windows
https://notcve.org/view.php?id=CVE-2021-37852
31 Jan 2022 — ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM. Los productos de ESET para Windows permiten a un proceso no confiable hacerse pasar por el cliente de una tubería, lo que puede ser aprovechado por un atacante para escalar privilegios en el contexto de NT AUTHORITY\SYSTEM This vulnerability allows local attackers to escalate privileges on affected installations of ESET Endpo... • https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-26941
https://notcve.org/view.php?id=CVE-2020-26941
21 Jan 2021 — A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premi... • https://support.eset.com/en/ca7794-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2020-11446
https://notcve.org/view.php?id=CVE-2020-11446
29 Apr 2020 — ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation. Los módulos 1553 hasta 1560 de ESET Antivirus y Antispyware Module, permite a un usuario con derechos de acceso limitados crear enlaces físicos en algunos directorios de ESET y luego forzar al producto a esc... • https://support.eset.com/en/ca7489-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows • CWE-59: Improper Link Resolution Before File Access ('Link Following') •