Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
The problems affected both home and corporate solutions.
ESET has fixed two privilege escalation vulnerabilities in its products for Windows and macOS operating systems. These vulnerabilities allowed attackers to gain unauthorized access to system resources.
The first vulnerability, with the identifier CVE-2024-7400 and a CVSS score of 7.3, concerns Windows products. It allows an attacker to delete files without the appropriate permissions by using the operation to delete detected malicious files.
The vulnerability was identified by Positive Technologies specialist Dmitry Zuzlov. The fix was implemented in the Cleaner 1251 module, which was automatically updated for all ESET customers.
CVE-2024-7400 affected several of the company's products, including ESET NOD32 Antivirus, ESET Internet Security, ESET Endpoint Security, as well as server solutions, including ESET File Security for Microsoft Azure and ESET Mail Security for Microsoft Exchange Server.
The Cleaner update was released on August 1 for test users, and on August 12 for all others. Customers who regularly update ESET products do not need to take any additional action. For new installations, it is recommended to download the current versions from the official website.
The second vulnerability, designated as CVE-2024-6654 (CVSS score 6.8), affects macOS products. It allows a low-privileged user to perform a denial-of-service (DoS) attack, which can disable ESET's antivirus product and slow down the system. The problem is related to the possibility of creating a symbolic link to a certain directory, which prevents the antivirus from loading correctly.
This vulnerability affects ESET Cyber Security 7.0-7.4 and ESET Endpoint Antivirus for macOS. To address this issue, updates were released to versions 7.5.74.0 and 8.0.7200.0, respectively. At this time, ESET does not have any public exploits for these vulnerabilities.
Source
ESET has fixed two privilege escalation vulnerabilities in its products for Windows and macOS operating systems. These vulnerabilities allowed attackers to gain unauthorized access to system resources.
The first vulnerability, with the identifier CVE-2024-7400 and a CVSS score of 7.3, concerns Windows products. It allows an attacker to delete files without the appropriate permissions by using the operation to delete detected malicious files.
The vulnerability was identified by Positive Technologies specialist Dmitry Zuzlov. The fix was implemented in the Cleaner 1251 module, which was automatically updated for all ESET customers.
CVE-2024-7400 affected several of the company's products, including ESET NOD32 Antivirus, ESET Internet Security, ESET Endpoint Security, as well as server solutions, including ESET File Security for Microsoft Azure and ESET Mail Security for Microsoft Exchange Server.
The Cleaner update was released on August 1 for test users, and on August 12 for all others. Customers who regularly update ESET products do not need to take any additional action. For new installations, it is recommended to download the current versions from the official website.
The second vulnerability, designated as CVE-2024-6654 (CVSS score 6.8), affects macOS products. It allows a low-privileged user to perform a denial-of-service (DoS) attack, which can disable ESET's antivirus product and slow down the system. The problem is related to the possibility of creating a symbolic link to a certain directory, which prevents the antivirus from loading correctly.
This vulnerability affects ESET Cyber Security 7.0-7.4 and ESET Endpoint Antivirus for macOS. To address this issue, updates were released to versions 7.5.74.0 and 8.0.7200.0, respectively. At this time, ESET does not have any public exploits for these vulnerabilities.
Source
