CVE-2024-0353: Local privilege escalation in Windows products
First published: Thu Feb 15 2024(Updated: )
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
Credit: security@eset.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ESET ESET | ||
| ESET Endpoint Antivirus Windows | <8.1.2062.0 | |
| ESET Endpoint Antivirus Windows | >=9.0<9.1.2071.0 | |
| ESET Endpoint Antivirus Windows | >=10.0<10.0.2052.0 | |
| ESET Endpoint Antivirus Windows | >=10.1<10.1.2063.0 | |
| ESET Endpoint Antivirus Windows | >=11.0<11.0.2032.0 | |
| ESET Endpoint Security Windows | <8.1.2062.0 | |
| ESET Endpoint Security Windows | >=9.0<9.1.2071.0 | |
| ESET Endpoint Security Windows | >=10.0<10.0.2052.0 | |
| ESET Endpoint Security Windows | >=10.1<10.1.2063.0 | |
| ESET Endpoint Security Windows | >=11.0<11.0.2032.0 | |
| ESET File Security for Azure | ||
| ESET Internet Security | <17.0.10.0 | |
| ESET Mail Security for Microsoft Exchange Server | <7.3.10018.0 | |
| ESET Mail Security for IBM Domino | <7.3.14006.0 | |
| ESET Mail Security for Microsoft Exchange Server | >=8.0<8.0.10024.0 | |
| ESET Mail Security for IBM Domino | >=8.0<8.0.14014.0 | |
| ESET Mail Security for Microsoft Exchange Server | >=9.0<9.0.10012.0 | |
| ESET Mail Security for IBM Domino | >=9.0<9.0.14008.0 | |
| ESET Mail Security for Microsoft Exchange Server | >=10.0<10.0.10018.0 | |
| ESET Mail Security for IBM Domino | >=10.0<10.0.14007.0 | |
| ESET Mail Security for Microsoft Exchange Server | >=10.1<10.1.10014.0 | |
| ESET NOD32 Antivirus | <17.0.10.0 | |
| ESET Mail Security for Microsoft SharePoint Server | <7.3.15006.0 | |
| ESET Security | <17.0.10.0 | |
| ESET Mail Security for Microsoft SharePoint Server | >=8.0<8.0.15012.0 | |
| ESET Mail Security for Microsoft SharePoint Server | >=9.0<9.0.15006.0 | |
| ESET Mail Security for Microsoft SharePoint Server | >=10.0<10.0.15005.0 | |
| ESET File Security for Windows Server | <7.3.12013.0 | |
| ESET File Security for Windows Server | >=8.0<8.0.12016.0 | |
| ESET File Security for Windows Server | >=9.0<9.0.12019.0 | |
| ESET File Security for Windows Server | >=10.0<10.0.12015.0 | |
| ESET Smart Security for Windows | <17.0.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed
- https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html
- https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html
Frequently Asked Questions
What is the severity of CVE-2024-0353?
CVE-2024-0353 is classified as a local privilege escalation vulnerability.
How do I fix CVE-2024-0353?
To fix CVE-2024-0353, ensure that you update your ESET software to the latest version provided by ESET.
What products are affected by CVE-2024-0353?
CVE-2024-0353 affects several ESET products including ESET Endpoint Antivirus, ESET Internet Security, and ESET File Security.
Can CVE-2024-0353 allow unauthorized file deletions?
Yes, CVE-2024-0353 may allow an attacker to misuse file operations to delete files without the appropriate permissions.
Is there a public advisory for CVE-2024-0353?
Yes, ESET has issued a customer advisory regarding CVE-2024-0353 that details the vulnerability and recommended actions.
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/source
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/eset
- canonical/eset eset
- canonical/eset endpoint antivirus windows
- version/eset endpoint antivirus windows/9.0
- version/eset endpoint antivirus windows/10.0
- version/eset endpoint antivirus windows/10.1
- version/eset endpoint antivirus windows/11.0
- canonical/eset endpoint security windows
- version/eset endpoint security windows/9.0
- version/eset endpoint security windows/10.0
- version/eset endpoint security windows/10.1
- version/eset endpoint security windows/11.0
- canonical/eset file security for azure
- canonical/eset internet security
- canonical/eset mail security for microsoft exchange server
- canonical/eset mail security for ibm domino
- version/eset mail security for microsoft exchange server/8.0
- version/eset mail security for ibm domino/8.0
- version/eset mail security for microsoft exchange server/9.0
- version/eset mail security for ibm domino/9.0
- version/eset mail security for microsoft exchange server/10.0
- version/eset mail security for ibm domino/10.0
- version/eset mail security for microsoft exchange server/10.1
- canonical/eset nod32 antivirus
- canonical/eset mail security for microsoft sharepoint server
- canonical/eset security
- version/eset mail security for microsoft sharepoint server/8.0
- version/eset mail security for microsoft sharepoint server/9.0
- version/eset mail security for microsoft sharepoint server/10.0
- canonical/eset file security for windows server
- version/eset file security for windows server/8.0
- version/eset file security for windows server/9.0
- version/eset file security for windows server/10.0
- canonical/eset smart security for windows