Arbitrary File Deletion in ESET products for Windows
CVE-2022-27167

7.1HIGH

Key Information:

Vendor: Eset, Spol. S R.o.
Status: Eset Nod32 Antivirus; Eset Internet Security; Eset Smart Security Premium; Eset Endpoint Antivirus
Vendor: CVE Published:; 10 May 2022

What is CVE-2022-27167?

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.

Affected Version(s)

ESET Endpoint Antivirus 6.0 < 9.0.2046.0

ESET Endpoint Security 6.0 < 9.0.2046.0

ESET File Security for Microsoft Windows Server 6.0 8.0.12013.0

References

https://support.eset.com/en/ca8268

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2022
Vulnerability Reserved
Mar 14, 2022

Eset, Spol. S R.o.

What is CVE-2022-27167?

Affected Version(s)

References

CVSS V3.1

Timeline