ESET fixed two privilege escalation flaws in its products

ESET addressed two local privilege escalation vulnerabilities in security products for Windows and macOS operating systems.

Cybersecurity firm ESET released security patches for two local privilege escalation vulnerabilities impacting Windows and macOS products.

The first vulnerability, tracked as CVE-2024-7400 (CVSS score of 7.3), could allow an attacker to misuse ESET’s file operations during the removal of a detected file to delete files without having proper permissions to do so.

The vulnerability impacts Windows OS, Positive Technologies Dmitriy Zuzlov reported the issue to ESET.

“The vulnerability in the file operations handling during the removal of a detected file potentially allowed an attacker with an ability to execute low-privileged code on the target system to delete arbitrary files, thus escalating their privileges.” reads the advisory. “ESET fixed the issue in the Cleaner module 1251, which was distributed automatically to ESET customers along with Detection engine updates. No action stemming from this advisory is required to be taken by ESET customers.”

The vulnerability impacts the following programs and versions:

• ESET File Security for Microsoft Azure
• ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate
• ESET Small Business Security and ESET Safe Server
• ESET Endpoint Antivirus and ESET Endpoint Security for Windows
• ESET Server Security for Windows Server (formerly File Security for Microsoft Windows Server)
• ESET Mail Security for Microsoft Exchange Server
• ESET Mail Security for IBM Domino
• ESET Security for Microsoft SharePoint Server

The company addressed the flaw with a fix in the Cleaner module 1251, which was automatically distributed. Pre-release users received the update starting August 1, followed by general users from August 12, with full release on August 13. Customers with regularly updated ESET products are automatically patched and need no further action. For new installations, ESET recommends downloading the latest installers from their website or repository.

ESET also addressed a local privilege escalation vulnerability, tracked as CVE-2024-6654 (CVSS score 6.8), in macOS products.

The vulnerability allows a logged user to perform a denial-of-service attack, which could be misused to disable the ESET security product and cause general system slow-down.

“ESET received a report stating that on a machine with the affected ESET product installed, it was possible for a user with low privileges to plant a symlink to a specific location, preventing ESET security product from starting properly.” reads the advisory.

The flaw impacts the following products:

• ESET Cyber Security 7.0 – 7.4.1600.0
• ESET Endpoint Antivirus for macOS 7.0 – 7.5.50.0

The company released Cyber Security version 7.5.74.0 and Endpoint Security for macOS version 8.0.7200.0 to address this issue.

The security firm is not aware of public exploits for both vulnerabilities. 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Privilege Escalation)