Local privilege escalation in security products for Windows
CVE-2023-3160

7.8HIGH

Key Information:

Vendor: Eset, Spol. S R.o.
Status: Eset Nod32 Antivirus; Eset Internet Security; Eset Smart Security Premium; Eset Endpoint Antivirus
Vendor: CVE Published:; 14 August 2023

What is CVE-2023-3160?

An issue in ESET’s module update process could allow an attacker to improperly manipulate file operations. This may result in the deletion or movement of files without the necessary permissions, potentially leading to unauthorized access or data loss. Organizations using ESET’s products should be aware of this vulnerability and take appropriate measures to mitigate risks.

Affected Version(s)

ESET Endpoint Antivirus 1463

ESET Endpoint Security 1463

ESET Internet Security 1463

References

https://support.eset.com/en/ca8466

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2023
Vulnerability Reserved
Jun 8, 2023

Eset, Spol. S R.o.

What is CVE-2023-3160?

Affected Version(s)

References

CVSS V3.1

Timeline