Privilege escalation in Eset Cyber Security
CVE-2023-2847
During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege managemen…
Vulnerability class: Privilege Escalation
EPSS: 0.001 (4.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Eset Cyber Security — versions 7.3.3700.0
- Eset Cyber_security
- Eset Endpoint_antivirus
- Eset Endpoint Antivirus For Linux — versions 9.1.11.0, 9.0.10.0, 8.1.12.0
- Eset Endpoint Antivirus For Macos — versions 7.3.3600.0
- Eset Server_security
- Eset Server Security For Linux — versions 9.1.98.0, 9.0.466.0, 8.1.823.0
Weakness classification (CWE)
References
- security@eset.com (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2023-2847?
- CVE-2023-2847 is a high-severity vulnerability in Eset Cyber Security, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2023-06-15.
- How severe is CVE-2023-2847?
- High severity. CVSS v3 base score is 7.8 out of 10.