CVE-2021-37850 - OpenCVE

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Eset	Cyber Security Endpoint Antivirus Endpoint Security

Configuration 1 [-]

OR	cpe:2.3:a:eset:cyber_security:::::-:macos::
	cpe:2.3:a:eset:cyber_security:::::pro:macos::
	cpe:2.3:a:eset:endpoint_antivirus:::::-:macos::
	cpe:2.3:a:eset:endpoint_security:::::-:macos::

References

Link	Resource
https://support.eset.com/en/ca8151	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ESET

Published: 2021-11-08T13:35:49

Updated: 2021-11-08T13:35:49

Reserved: 2021-08-02T00:00:00

Link: CVE-2021-37850

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-11-08T14:15:08.037

Modified: 2021-11-09T14:10:01.357

Link: CVE-2021-37850

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "ESET Cyber Security", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "6.10.700", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "ESET Cyber Security Pro", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThan": "6.10.700", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "ESET Endpoint Antivirus for macOS", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThan": "6.10.910.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "ESET Endpoint Security for macOS", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThan": "6.10.910.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to Teiei Shu (\u5ef7\u53e1 \u5468) who reported this issue."}], "descriptions": [{"lang": "en", "value": "ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Denial Of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-11-08T13:35:49", "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.eset.com/en/ca8151"}], "source": {"discovery": "EXTERNAL"}, "title": "Denial of service in ESET for Mac products", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eset.com", "ID": "CVE-2021-37850", "STATE": "PUBLIC", "TITLE": "Denial of service in ESET for Mac products"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ESET Cyber Security", "version": {"version_data": [{"version_affected": "<=", "version_value": "6.10.700"}]}}, {"product_name": "ESET Cyber Security Pro", "version": {"version_data": [{"version_affected": "<", "version_value": "6.10.700"}]}}, {"product_name": "ESET Endpoint Antivirus for macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "6.10.910.0"}]}}, {"product_name": "ESET Endpoint Security for macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "6.10.910.0"}]}}]}, "vendor_name": "ESET, spol. s r.o."}]}}, "credit": [{"lang": "eng", "value": "ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to Teiei Shu (\u5ef7\u53e1 \u5468) who reported this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial Of Service"}]}]}, "references": {"reference_data": [{"name": "https://support.eset.com/en/ca8151", "refsource": "MISC", "url": "https://support.eset.com/en/ca8151"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "assignerShortName": "ESET", "cveId": "CVE-2021-37850", "datePublished": "2021-11-08T13:35:49", "dateReserved": "2021-08-02T00:00:00", "dateUpdated": "2021-11-08T13:35:49", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:-:macos:*:*", "matchCriteriaId": "47B7D44D-DB8F-4C1F-A13B-0DB9B1A2E17D", "versionEndIncluding": "6.10.700", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:cyber_security:*:*:*:*:pro:macos:*:*", "matchCriteriaId": "3F714A0A-410A-4531-966E-4443585E6577", "versionEndIncluding": "6.10.700", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:-:macos:*:*", "matchCriteriaId": "DB9F6E12-07C5-4D10-94ED-7F9B2900F8AA", "versionEndIncluding": "6.10.910.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:-:macos:*:*", "matchCriteriaId": "B5C5CD3B-1CEA-4E53-ABA5-C53F6F2ACABB", "versionEndIncluding": "6.10.910.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot."}, {"lang": "es", "value": "ESET se dio cuenta de una vulnerabilidad en sus productos de consumo y empresariales para macOS que permite a un usuario conectado al sistema detener el demonio de ESET, deshabilitando efectivamente la protecci\u00f3n del producto de seguridad de ESET hasta un reinicio del sistema"}], "id": "CVE-2021-37850", "lastModified": "2021-11-09T14:10:01.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@eset.com", "type": "Secondary"}]}, "published": "2021-11-08T14:15:08.037", "references": [{"source": "security@eset.com", "tags": ["Vendor Advisory"], "url": "https://support.eset.com/en/ca8151"}], "sourceIdentifier": "security@eset.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}