What is the severity of CVE-2016-9892?

CVE-2016-9892 is rated as a high severity vulnerability due to its potential for exploitation by man-in-the-middle attackers.

How do I fix CVE-2016-9892?

To fix CVE-2016-9892, upgrade to ESET Endpoint Antivirus or ESET Endpoint Security version 6.4.168.0 or later.

What could an attacker achieve by exploiting CVE-2016-9892?

An attacker exploiting CVE-2016-9892 could spoof the edf.eset.com SSL server and deliver malicious responses to affected clients.

Which versions of ESET software are affected by CVE-2016-9892?

CVE-2016-9892 affects ESET Endpoint Antivirus and ESET Endpoint Security versions prior to 6.4.168.0.

Is there any workaround for CVE-2016-9892?

There are no known effective workarounds for CVE-2016-9892 other than applying the necessary software upgrade.

Vulnerability/
CVE-2016-9892

medium

5.9

CWE

295

2/3/2017

6/8/2024

CVE-2016-9892

First published: Thu Mar 02 2017(Updated: )

The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ESET Endpoint Antivirus	=6.3.70.1
ESET Endpoint Security	=6.3.70.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9892?
CVE-2016-9892 is rated as a high severity vulnerability due to its potential for exploitation by man-in-the-middle attackers.
How do I fix CVE-2016-9892?
To fix CVE-2016-9892, upgrade to ESET Endpoint Antivirus or ESET Endpoint Security version 6.4.168.0 or later.
What could an attacker achieve by exploiting CVE-2016-9892?
An attacker exploiting CVE-2016-9892 could spoof the edf.eset.com SSL server and deliver malicious responses to affected clients.
Which versions of ESET software are affected by CVE-2016-9892?
CVE-2016-9892 affects ESET Endpoint Antivirus and ESET Endpoint Security versions prior to 6.4.168.0.
Is there any workaround for CVE-2016-9892?
There are no known effective workarounds for CVE-2016-9892 other than applying the necessary software upgrade.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/weakness
agent/event
agent/description
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/eset
canonical/eset endpoint antivirus
version/eset endpoint antivirus/6.3.70.1
canonical/eset endpoint security
version/eset endpoint security/6.3.70.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.