{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-0353","assignerOrgId":"4a9b9929-2450-4021-b7b9-469a0255b215","state":"PUBLISHED","assignerShortName":"ESET","dateReserved":"2024-01-09T14:21:58.755Z","datePublished":"2024-02-15T07:40:24.786Z","dateUpdated":"2025-12-10T19:33:58.732Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ESET NOD32 Antivirus","vendor":"ESET, spol. s r.o.","versions":[{"lessThanOrEqual":"16.2.15.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ESET Internet Security","vendor":"ESET, spol. s r.o.","versions":[{"lessThanOrEqual":"16.2.15.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ESET Smart Security Premium","vendor":"ESET, spol. s r.o.","versions":[{"lessThanOrEqual":"16.2.15.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ESET Security Ultimate","vendor":"ESET, spol. s r.o.","versions":[{"lessThanOrEqual":"16.2.15.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ESET Endpoint Antivirus for Windows","vendor":"ESET, spol. s r.o.","versions":[{"lessThanOrEqual":"10.1.2058.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"10.0.2049.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"9.1.2066.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"8.1.2052.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ESET Endpoint Security for Windows","vendor":"ESET, spol. s r.o.","versions":[{"lessThanOrEqual":"10.1.2058.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"10.0.2049.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"9.1.2066.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"8.1.2052.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ESET Server Security for Windows Server","vendor":"ESET, spol. s r.o.","versions":[{"lessThanOrEqual":"10.0.12014.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"9.0.12018.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"8.0.12015.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"7.3.12011.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ESET Mail Security for Microsoft Exchange Server","vendor":"ESET, spol. s r.o.","versions":[{"lessThanOrEqual":"10.1.10010.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"10.0.10017.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"9.0.10011.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"8.0.10022.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"7.3.10014.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ESET Mail Security for IBM Domino","vendor":"ESET, spol. s r.o.","versions":[{"lessThanOrEqual":"10.0.14006.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"9.0.14007.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"8.0.14010.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"7.3.14004.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ESET Security for Microsoft SharePoint Server","vendor":"ESET, spol. s r.o.","versions":[{"lessThanOrEqual":"10.0.15004.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"9.0.15005.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"8.0.15011.0","status":"affected","version":"0","versionType":"custom"},{"lessThanOrEqual":"7.3.15004.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ESET File Security for Microsoft Azure","vendor":"ESET, spol. s r.o.","versions":[{"lessThanOrEqual":"all versions","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2024-02-14T11:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission."}],"value":"Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"4a9b9929-2450-4021-b7b9-469a0255b215","shortName":"ESET","dateUpdated":"2024-02-15T07:40:24.786Z"},"references":[{"url":"https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"}],"source":{"advisory":"ca8612","discovery":"UNKNOWN"},"title":"Local privilege escalation in Windows products","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-12-10T19:33:58.732Z"},"references":[{"url":"https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html"},{"url":"https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html"},{"url":"https://www.exploit-db.com/exploits/51351"},{"url":"https://www.exploit-db.com/exploits/51964"},{"tags":["x_transferred"],"url":"https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}},{"affected":[{"vendor":"eset","product":"nod32_antivirus","cpes":["cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"16.2.15.0","versionType":"custom"}]},{"vendor":"eset","product":"internet_security","cpes":["cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"16.2.15.0","versionType":"custom"}]},{"vendor":"eset","product":"smart_security_premium","cpes":["cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"16.2.15.0","versionType":"custom"}]},{"vendor":"eset","product":"security_ultimate","cpes":["cpe:2.3:a:eset:security_ultimate:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"16.2.15.0","versionType":"custom"}]},{"vendor":"eset","product":"endpoint_antivirus","cpes":["cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"10.1.2058.0","versionType":"custom"}]},{"vendor":"eset","product":"endpoint_security","cpes":["cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"10.1.2058.0","versionType":"custom"}]},{"vendor":"eset","product":"server_security","cpes":["cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"10.0.12014.0","versionType":"custom"}]},{"vendor":"eset","product":"mail_security","cpes":["cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"10.1.10010.0","versionType":"custom"}]},{"vendor":"eset","product":"mail_security","cpes":["cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"10.0.14006.0","versionType":"custom"}]},{"vendor":"eset","product":"security","cpes":["cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"10.0.15004.0","versionType":"custom"}]},{"vendor":"eset","product":"file_security","cpes":["cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"*","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-20T19:22:48.853538Z","id":"CVE-2024-0353","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-20T19:53:00.534Z"}}]}}