CVE-2023-2847: Local privilege escalation in ESET products for Linux and MacOS
First published: Thu Jun 15 2023(Updated: )
During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.
Credit: security@eset.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ESET Cyber Security for Mac | >=7.3.0<7.3.3700.0 | |
| ESET Endpoint Antivirus for Linux | <8.1.12.0 | |
| ESET Endpoint Antivirus | >=7.0.0<7.3.3600.0 | |
| ESET Endpoint Antivirus for Linux | >=9.0.5.0<9.0.10.0 | |
| ESET Endpoint Antivirus for Linux | >=9.1.4.0<9.1.11.0 | |
| ESET Server Security for Linux | <8.1.823.0 | |
| ESET Server Security for Linux | >=9.0.464.0<9.0.466.0 | |
| ESET Server Security for Linux | >=9.1.96.0<9.1.98.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-2847?
The severity of CVE-2023-2847 is high (7.8).
Which ESET products are affected by CVE-2023-2847?
The following ESET products are affected by CVE-2023-2847: Eset Cyber Security, Eset Endpoint Antivirus, and Eset Server Security.
How can a local privilege escalation vulnerability be exploited?
A user with lower privileges can exploit a local privilege escalation vulnerability to trigger actions with root privileges on a machine with the affected ESET product installed.
What is the recommended solution for CVE-2023-2847?
ESET has released a remedy for CVE-2023-2847. It is recommended to update to the latest version of the affected ESET product.
Where can I find more information about CVE-2023-2847?
More information about CVE-2023-2847 can be found at the following reference: [link](https://support.eset.com/en/ca8447).
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/eset
- canonical/eset cyber security for mac
- version/eset cyber security for mac/7.3.0
- canonical/eset endpoint antivirus for linux
- canonical/eset endpoint antivirus
- version/eset endpoint antivirus/7.0.0
- version/eset endpoint antivirus for linux/9.0.5.0
- version/eset endpoint antivirus for linux/9.1.4.0
- canonical/eset server security for linux
- version/eset server security for linux/9.0.464.0
- version/eset server security for linux/9.1.96.0