PT-2022-2557 · Eset+2 · Eset Security For Microsoft Sharepoint Server+12

Brecht Snijders

·

Published

2022-03-14

·

Updated

2022-05-18

·

CVE-2022-27167

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions ESET NOD32 Antivirus versions prior to 15.1.12.0 ESET Internet Security versions prior to 15.1.12.0 ESET Smart Security Premium versions prior to 15.1.12.0 ESET Endpoint Antivirus versions prior to 9.0.2046.0 ESET Endpoint Security versions prior to 9.0.2046.0 ESET Server Security for Microsoft Windows Server versions prior to 9.0.12012.0 ESET File Security for Microsoft Windows Server version 8.0.12013.0 ESET Mail Security for Microsoft Exchange Server versions prior to 8.0.10020.0 ESET Mail Security for IBM Domino versions prior to 8.0.14011.0 ESET Security for Microsoft SharePoint Server versions prior to 8.0.15009.0
Description The issue is related to a privilege escalation vulnerability in ESET products, which can be exploited due to incorrect handling of insufficient permissions or privileges. This may allow an attacker to delete arbitrary files by exploiting the "Repair" and "Uninstall" features.
Recommendations For ESET NOD32 Antivirus versions prior to 15.1.12.0, update to version 15.1.12.0 or later. For ESET Internet Security versions prior to 15.1.12.0, update to version 15.1.12.0 or later. For ESET Smart Security Premium versions prior to 15.1.12.0, update to version 15.1.12.0 or later. For ESET Endpoint Antivirus versions prior to 9.0.2046.0, update to version 9.0.2046.0 or later. For ESET Endpoint Security versions prior to 9.0.2046.0, update to version 9.0.2046.0 or later. For ESET Server Security for Microsoft Windows Server versions prior to 9.0.12012.0, update to version 9.0.12012.0 or later. For ESET File Security for Microsoft Windows Server version 8.0.12013.0, consider updating to a newer version, but no specific fixed version is provided. For ESET Mail Security for Microsoft Exchange Server versions prior to 8.0.10020.0, update to version 8.0.10020.0 or later. For ESET Mail Security for IBM Domino versions prior to 8.0.14011.0, update to version 8.0.14011.0 or later. For ESET Security for Microsoft SharePoint Server versions prior to 8.0.15009.0, update to version 8.0.15009.0 or later.

Fix

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-755CWE-280

Related Identifiers

BDU:2022-02987
CVE-2022-27167

Affected Products

Eset Endpoint Antivirus
Eset Endpoint Security
Eset File Security For Microsoft Windows Server
Eset Internet Security
Eset Mail Security For Ibm Domino
Eset Mail Security For Microsoft Exchange Server
Eset Nod32 Antivirus
Eset Security For Microsoft Sharepoint Server
Eset Smart Security Premium
Ibm Domino
Exchange Server
Sharepoint Server
Windows Server