CVE-2023-4383 – MicroWorld eScan Anti-Virus runasroot incorrect execution-assigned permissions
https://notcve.org/view.php?id=CVE-2023-4383
A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack requires local access. The exploit has been disclosed to the public and may be used.
• https://gist.github.com/dmknght/ac489cf3605ded09b3925521afee3003 https://vuldb.com/?ctiid.237315 https://vuldb.com/?id.237315
• CWE-279: Incorrect Execution-Assigned Permissions CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2023-2875 – eScan Antivirus IoControlCode PROCOBSRVESX.SYS 0x22E008u null pointer dereference
https://notcve.org/view.php?id=CVE-2023-2875
A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
• https://drive.google.com/file/d/1fvlP0d9HmApjWhYDjgsdco7g7FPsbn0V/view?usp=sharing https://github.com/zeze-zeze/WindowsKernelVuln/blob/master/CVE-2023-2875 https://vuldb.com/?ctiid.229854 https://vuldb.com/?id.229854
• CWE-476: NULL Pointer Dereference
CVE-2021-26624 – eScan Anti-Virus Local privilege escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-26624
A local privilege escalation vulnerability exists due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to the "runasroot" command. This vulnerability can allow remote attackers to exploit root privileges by manipulating parameter values.
• https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66596
• CWE-20: Improper Input Validation
CVE-2018-18388
https://notcve.org/view.php?id=CVE-2018-18388
eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222.
• http://blog.escanav.com/2018/11/cve-2018-18388