CVE-2023-7043: Unquoted path privilege vulnerability in ESET products for Windows
First published: Wed Jan 31 2024(Updated: )
Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.
Credit: security@eset.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ESET Endpoint Antivirus for Linux | >=10.1.2046.0<11.0.2032.0 | |
| ESET Endpoint Security Windows | >=10.1.2046.0<11.0.2032.0 | |
| ESET Internet Security | >=16.1.14.0<17.0.15.0 | |
| ESET Mail Security for Microsoft Exchange Server | =10.1.10012.0 | |
| ESET NOD32 Antivirus | >=16.1.14.0<17.0.15.0 | |
| ESET Smart Security Premium | >=16.1.14.0<17.0.15.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-7043?
CVE-2023-7043 is considered a medium severity vulnerability due to the risk of unauthorized program execution with elevated permissions.
How do I fix CVE-2023-7043?
To fix CVE-2023-7043, ensure that you update your ESET software to a version that addresses this unquoted service path vulnerability.
Which ESET products are affected by CVE-2023-7043?
CVE-2023-7043 affects various versions of ESET Endpoint Antivirus, Endpoint Security, Internet Security, Mail Security for Microsoft Exchange Server, NOD32 Antivirus, and Smart Security Premium.
What permissions can be exploited in CVE-2023-7043?
CVE-2023-7043 can be exploited to execute a malicious program with NT AUTHORITY\NetworkService permissions.
Is user intervention required to exploit CVE-2023-7043?
Yes, exploiting CVE-2023-7043 requires an attacker to place a prepared program in a specific location before it can be executed on boot.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/eset
- canonical/eset endpoint antivirus for linux
- version/eset endpoint antivirus for linux/10.1.2046.0
- canonical/eset endpoint security windows
- version/eset endpoint security windows/10.1.2046.0
- canonical/eset internet security
- version/eset internet security/16.1.14.0
- canonical/eset mail security for microsoft exchange server
- version/eset mail security for microsoft exchange server/10.1.10012.0
- canonical/eset nod32 antivirus
- version/eset nod32 antivirus/16.1.14.0
- canonical/eset smart security premium
- version/eset smart security premium/16.1.14.0