News
ESET Customer Advisory 2023-0005
June 14, 2023
Severity: High
Summary
ESET internally discovered a vulnerability in its Linux and macOS products. Fixed product versions are available to download, and we recommend upgrading or scheduling upgrades for them.
Solution
ESET prepared fixed builds of its consumer, business and server products. The fixed builds are available in the Download section of www.eset.com or via ESET Repository.
This issue is resolved in the following builds:
- ESET Server Security for Linux 9.1.98.0, 9.0.466.0, 8.1.823.0 and later from the respective version family
- ESET Endpoint Antivirus for Linux 9.1.11.0, 9.0.10.0 and 8.1.12.0 and later from the respective version family
- ESET Cyber Security 7.3.3700.0 and later
- ESET Endpoint Antivirus for macOS 7.3.3600.0 and later
Affected Programs and Versions
- ESET Server Security for Linux 9.1.96.0, 9.0.464.0, 8.1.820.0 and earlier from the respective version family
- ESET Endpoint Antivirus for Linux 9.1.4.0, 9.0.5.0, 8.1.7.0 and earlier from the respective version family
- ESET Cyber Security from version 7.3 to 7.3.2100.0
- ESET Endpoint Antivirus for macOS from version 7.0 to 7.2.1600.0
Details
During an internal security analysis, a local privilege escalation vulnerability was identified. On a machine with the affected ESET product installed, a user with lower privileges could trigger actions with root privileges.
ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.
The reserved CVE ID for this vulnerability is CVE-2023-2847. ESET evaluated the severity of this vulnerability as High, and the CVSS v3.1 base score is 7.8 with the following vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.
To our best knowledge, no existing exploits take advantage of this vulnerability in the wild.
Feedback & Support
If you have feedback or questions about this issue, please contact us via the ESET Security Forum or local ESET Technical Support.
Reporting security vulnerabilities to ESET
ESET welcomes reports of security vulnerabilities in its products. See http://www.eset.com/int/security-vulnerability-reporting/
Version Log
-
Version 1.0 (June 14, 2023): Initial version of this document