A report of a local privilege escalation vulnerability was submitted to ESET by the Zero Day Initiative (ZDI). The vulnerability potentially allowed an attacker to misuse ESET’s file operations during a module update to delete or move files without having proper permissions to do so.
ESET fixed the issue with HIPS support module 1463, which was distributed automatically to ESET customers along with Detection engine updates. No action stemming from this vulnerability report is required to be taken by our customers.
The vulnerability allows a user logged on to the system to perform a privilege escalation attack, misusing the ESET GUI to plant malicious files required for the attack into specific folders and later misusing file operations performed by ESET’s updater component to possibly delete or move any arbitrary file.
To the best of our knowledge, there are no existing exploits that take advantage of this vulnerability in the wild.
The CVE ID reserved for this vulnerability is CVE-2023-3160, with the following CVSS v3.1 score and vector:
ESET released an update with HIPS support module 1463 to patch this vulnerability in already installed products, which was distributed automatically. The distribution of the module update started on June 26 for pre-release users, followed by batches for general public users from June 28, with a full release on July 5. See the instructions how to check the versions of the modules.
As already installed products are patched by the HIPS support module update, customers with an ESET product installed and regularly updated do not need to take any action stemming from this vulnerability report.
For new installations, we recommend using the latest installers downloaded from www.eset.com or the ESET repository.
ESET values the principles of coordinated disclosure within the security industry and would like to express our thanks to Trend Micro’s Zero Day Initiative team.
Version 1.0 (August 11, 2023): Initial version of this document