// For flags

CVE-2016-9892

ESET Endpoint Antivirus 6 Remote Code Execution

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.

El servicio esets_daemon en ESET Endpoint Antivirus para macOS en versiones anteriores a 6.4.168.0 y Endpoint Security para macOS en versiones anteriores a 6.4.168.0 no verifica adecuadamente certificados X.509 del servidor SSL edf.eset.com, lo que permite a atacantes man-in-the-middle suplantar este servidor y proporcionar respuestas manipuladas para las peticiones de activación de las licencias a través de un certificado autofirmado. NOTA: este problema puede combinarse con CVE-2016-0718 para ejecutar código arbitrario remotamente como root.

ESET Endpoint Antivirus 6 suffers from a remote code execution vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-07 CVE Reserved
  • 2017-02-27 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-09-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-295: Improper Certificate Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Eset
Search vendor "Eset"
Endpoint Antivirus
Search vendor "Eset" for product "Endpoint Antivirus"
6.3.70.1
Search vendor "Eset" for product "Endpoint Antivirus" and version "6.3.70.1"
macos
Affected
Eset
Search vendor "Eset"
Endpoint Security
Search vendor "Eset" for product "Endpoint Security"
6.3.70.1
Search vendor "Eset" for product "Endpoint Security" and version "6.3.70.1"
macos
Affected