Vulnerabilites related to eset - antivirus_and_antispyware
cve-2020-11446
Vulnerability from cvelistv5
Published
2020-04-29 13:15
Modified
2024-08-04 11:28
Severity ?
EPSS score ?
Summary
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.eset.com/en/ca7489-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:14.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.eset.com/en/ca7489-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T13:15:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.eset.com/en/ca7489-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.eset.com/en/ca7489-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows",
"refsource": "CONFIRM",
"url": "https://support.eset.com/en/ca7489-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11446",
"datePublished": "2020-04-29T13:15:49",
"dateReserved": "2020-04-01T00:00:00",
"dateUpdated": "2024-08-04T11:28:14.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-04-29 14:15
Modified
2024-11-21 04:57
Severity ?
Summary
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eset | antivirus_and_antispyware | * | |
| eset | endpoint_antivirus | - | |
| eset | endpoint_security | - | |
| eset | file_security | - | |
| eset | internet_security | - | |
| eset | mail_security | - | |
| eset | mail_security | - | |
| eset | mail_security | - | |
| eset | mail_security | - | |
| eset | nod32_antivirus | - | |
| eset | nod32_antivirus | - | |
| eset | smart_security | - | |
| eset | smart_security | - | |
| eset | smart_security | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eset:antivirus_and_antispyware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC3B9B3-1446-4630-88FE-65D41B1D077D",
"versionEndIncluding": "1560",
"versionStartIncluding": "1553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:-:*:*",
"matchCriteriaId": "2B76C798-A8F7-4705-B85A-98CE4C44AC53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81593DEE-54D7-49D5-9AE6-20B7E2B0AF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:file_security:-:*:*:*:*:windows_server:*:*",
"matchCriteriaId": "EDA61743-424D-40C9-ADD5-25AF8786BB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:internet_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2CAD248-1F32-4459-A530-8706E334C67F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*",
"matchCriteriaId": "5043B5B1-38B2-4621-B738-A79E5DF8D98E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*",
"matchCriteriaId": "DE40A56E-EBC0-43C8-85FB-868802B4817F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:mail_security:-:*:*:*:*:kerio:*:*",
"matchCriteriaId": "B322B8F3-DD12-4177-9DDF-BCFCD39DB12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:mail_security:-:*:*:*:*:sharepoint_server:*:*",
"matchCriteriaId": "EB4668BB-DE5D-443B-9A76-353688EE919B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6253FAFB-0AE6-494A-950D-EB0EB15E982C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:-:*:*:*:business:*:*:*",
"matchCriteriaId": "12E15271-D518-48E1-AE47-3080A748E131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:smart_security:-:*:*:*:-:*:*:*",
"matchCriteriaId": "CE29DD0C-648B-4B6F-B080-B350E8210B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:smart_security:-:*:*:*:business:*:*:*",
"matchCriteriaId": "38FD5027-F4B6-4398-B93A-DDF0FFC74386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*",
"matchCriteriaId": "375F46B4-9FDF-48FB-935A-8BB6FEF5221A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation."
},
{
"lang": "es",
"value": "Los m\u00f3dulos 1553 hasta 1560 de ESET Antivirus y Antispyware Module, permite a un usuario con derechos de acceso limitados crear enlaces f\u00edsicos en algunos directorios de ESET y luego forzar al producto a escribir por medio de estos enlaces en archivos que normalmente no podr\u00edan ser escritos por el usuario, logrando as\u00ed una escalada de privilegios."
}
],
"id": "CVE-2020-11446",
"lastModified": "2024-11-21T04:57:56.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-29T14:15:17.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.eset.com/en/ca7489-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.eset.com/en/ca7489-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}