CVE-2024-7400

Local privilege escalation in ESET products for Windows

Severity Score

8.5

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

MITRE

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

High

None

Integrity

High

None

Availability

High

None

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-08-02 CVE Reserved
2024-09-27 CVE Published
2024-09-27 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1386: Insecure Operation on Windows Junction / Mount Point

CAPEC

CAPEC-233: Privilege Escalation

References (1)

URL	Tag	Source
https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET NOD32 Antivirus Search vendor "ESET, Spol. S R.o." for product "ESET NOD32 Antivirus"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET NOD32 Antivirus" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET Internet Security Search vendor "ESET, Spol. S R.o." for product "ESET Internet Security"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET Internet Security" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET Smart Security Premium Search vendor "ESET, Spol. S R.o." for product "ESET Smart Security Premium"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET Smart Security Premium" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET Security Ultimate Search vendor "ESET, Spol. S R.o." for product "ESET Security Ultimate"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET Security Ultimate" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET Small Business Security Search vendor "ESET, Spol. S R.o." for product "ESET Small Business Security"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET Small Business Security" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET Safe Server Search vendor "ESET, Spol. S R.o." for product "ESET Safe Server"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET Safe Server" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET Endpoint Antivirus Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Antivirus"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Antivirus" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET Endpoint Security For Windows Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Security For Windows"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Security For Windows" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET Server Security For Windows Server Search vendor "ESET, Spol. S R.o." for product "ESET Server Security For Windows Server"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET Server Security For Windows Server" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET Mail Security For Microsoft Exchange Server Search vendor "ESET, Spol. S R.o." for product "ESET Mail Security For Microsoft Exchange Server"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET Mail Security For Microsoft Exchange Server" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET Mail Security For IBM Domino Search vendor "ESET, Spol. S R.o." for product "ESET Mail Security For IBM Domino"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET Mail Security For IBM Domino" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET Security For Microsoft SharePoint Server Search vendor "ESET, Spol. S R.o." for product "ESET Security For Microsoft SharePoint Server"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET Security For Microsoft SharePoint Server" and version " <= 1250"		en		Affected
ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o."		ESET File Security For Microsoft Azure Search vendor "ESET, Spol. S R.o." for product "ESET File Security For Microsoft Azure"				<= 1250 Search vendor "ESET, Spol. S R.o." for product "ESET File Security For Microsoft Azure" and version " <= 1250"		en		Affected