Denial of service in ESET for Mac products
CVE-2021-37850

5.5MEDIUM

Key Information:

Vendor: Eset, Spol. S R.o.
Status: Eset Cyber Security; Eset Cyber Security Pro; Eset Endpoint Antivirus For Mac OS; Eset Endpoint Security For Mac OS
Vendor: CVE Published:; 8 November 2021

What is CVE-2021-37850?

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.

Affected Version(s)

ESET Cyber Security <= 6.10.700

ESET Cyber Security Pro < 6.10.700

ESET Endpoint Antivirus for macOS < 6.10.910.0

References

https://support.eset.com/en/ca8151

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2021
Vulnerability Reserved
Aug 2, 2021

Credit

ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to Teiei Shu (廷叡周) who reported this issue.

Eset, Spol. S R.o.

What is CVE-2021-37850?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit