← back
CVE-2023-7043

Unquoted path privilege vulnerability in ESET products for Windows

CVSS 3.3 LOWEPSS 0.3%CWE-428
Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products
ESET, spol. s r.o. · ESET Endpoint AntivirusESET, spol. s r.o. · ESET Endpoint SecurityESET, spol. s r.o. · ESET Internet SecurityESET, spol. s r.o. · ESET Mail Security for Microsoft Exchange ServerESET, spol. s r.o. · ESET NOD32 AntivirusESET, spol. s r.o. · ESET Smart Security Premium

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.eset.com/en/ca8602