[CA8726] Local privilege escalation fixed for vulnerability during detected file removal in ESET products for Windows

ESET Customer Advisory 2024-0016
September 20, 2024
Severity: High

Summary

A report of a local privilege escalation vulnerability was submitted to ESET by Dmitriy Zuzlov from Positive Technologies. The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.

Details

The vulnerability in the handling of file operations during the removal of a detected file potentially allowed an attacker able to execute low-privileged code on the target system to delete arbitrary files, thus escalating their privileges. ESET fixed the issue in the Cleaner module 1251, which was distributed automatically to ESET customers along with Detection engine updates. ESET customers do not need to take any action as a result of this advisory.

The CVE ID reserved for this vulnerability is CVE-2024-7400, with a CVSS v4.0 score of 7.3 and the following CVSS v4.0 vector: AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

To the best of our knowledge, there are no existing exploits that take advantage of this vulnerability in the wild.

Solution

ESET released a fix for this vulnerability for installed products in the Cleaner module 1251, which was distributed and applied automatically. The distribution of the module update started on August 1 for pre-release users, followed by batches for users among the general public from August 12, with a full release on August 13. Instructions on how to check the versions of the installed modules are available in our Knowledgebase.

As previously installed products are patched by the Cleaner module update, customers with an ESET product installed and regularly updated do not need to take any action stemming from this advisory.

For new installations, we recommend using the latest installers downloaded from www.eset.com or the ESET repository.


Affected programs and versions

  • ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate
  • ESET Small Business Security and ESET Safe Server
  • ESET Endpoint Antivirus and ESET Endpoint Security for Windows
  • ESET Server Security for Windows Server (formerly File Security for Microsoft Windows Server)
  • ESET Mail Security for Microsoft Exchange Server
  • ESET Mail Security for IBM Domino
  • ESET Security for Microsoft SharePoint Server
  • ESET File Security for Microsoft Azure

NOTE: ESET product versions that have reached End of Life might not be listed.

Feedback & Support

If you have feedback or questions about this issue, contact us via the ESET Security Forum or local ESET Technical Support.


Acknowledgment

ESET values the principles of coordinated disclosure within the security industry and would like to express our thanks to Dmitriy Zuzlov (Positive Technologies).


Version log

Version 1.0 (September 20, 2024): Initial version of this document