CVE-2023-7043 - OpenCVE

Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Eset	Mail Security Smart Security Premium Endpoint Antivirus Nod32 Antivirus Internet Security Endpoint Security

Configuration 1 [-]

OR	cpe:2.3:a:eset:endpoint_antivirus::::::::
	cpe:2.3:a:eset:endpoint_security::::::::
	cpe:2.3:a:eset:internet_security::::::::
	cpe:2.3:a:eset:mail_security:10.1.10012.0:::::exchange_server::
	cpe:2.3:a:eset:nod32_antivirus::::::::
	cpe:2.3:a:eset:smart_security_premium::::::::

References

Link	Resource
https://support.eset.com/en/ca8602	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ESET

Published: 2024-01-31T12:51:38.253Z

Updated: 2024-01-31T12:52:10.301Z

Reserved: 2023-12-21T12:14:56.731Z

Link: CVE-2023-7043

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-31T13:15:10.147

Modified: 2024-02-09T01:00:15.637

Link: CVE-2023-7043

JSON object: View

Redhat Information

No data.

CWE

CWE-428

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-7043", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "state": "PUBLISHED", "assignerShortName": "ESET", "dateReserved": "2023-12-21T12:14:56.731Z", "datePublished": "2024-01-31T12:51:38.253Z", "dateUpdated": "2024-01-31T12:52:10.301Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ESET Endpoint Security", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.1.2063.x", "status": "affected", "version": "10.1.2046.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Endpoint Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "10.1.2063.x", "status": "affected", "version": "10.1.2046.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET NOD32 Antivirus", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "16.1.14.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Internet Security", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "16.1.14.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Smart Security Premium", "vendor": "ESET, spol. s r.o.", "versions": [{"lessThanOrEqual": "16.2.15.0", "status": "affected", "version": "16.1.14.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ESET Mail Security for Microsoft Exchange Server", "vendor": "ESET, spol. s r.o.", "versions": [{"status": "affected", "version": "10.1.10012.0"}]}], "datePublic": "2024-01-26T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unquoted service path in ESET products allows to \n\n<span style=\"background-color: rgb(255, 255, 255);\">drop a prepared program to a specific location</span> and <span style=\"background-color: rgb(255, 255, 255);\">run on boot with </span><span style=\"background-color: rgb(255, 255, 255);\">the \n\nNT AUTHORITY\\NetworkService permissions.</span>"}], "value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2024-01-31T12:52:10.301Z"}, "references": [{"url": "https://support.eset.com/en/ca8602"}], "source": {"advisory": "ca8602", "discovery": "UNKNOWN"}, "title": "Unquoted path privilege vulnerability in ESET products for Windows", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:*:*:*", "matchCriteriaId": "50677A92-50F3-4020-BC55-B3C6FDB4511D", "versionEndExcluding": "11.0.2032.0", "versionStartIncluding": "10.1.2046.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "74708E09-04BF-47C1-88A9-B2A0C0FCF3B7", "versionEndExcluding": "11.0.2032.0", "versionStartIncluding": "10.1.2046.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "84EF91DD-15F6-4EF8-8B5F-C4CF4DBCBDF9", "versionEndExcluding": "17.0.15.0", "versionStartIncluding": "16.1.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:mail_security:10.1.10012.0:*:*:*:*:exchange_server:*:*", "matchCriteriaId": "18A15279-74DB-487D-A585-BB07482505E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*", "matchCriteriaId": "D18A8A98-430B-495B-AAD9-8198E995F77E", "versionEndExcluding": "17.0.15.0", "versionStartIncluding": "16.1.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*", "matchCriteriaId": "555830F1-6B12-44F7-B912-9061E0EB6E46", "versionEndExcluding": "17.0.15.0", "versionStartIncluding": "16.1.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions."}, {"lang": "es", "value": "La ruta de servicio sin comillas en los productos ESET permite colocar un programa preparado en una ubicaci\u00f3n espec\u00edfica y ejecutarlo al arrancar con los permisos NT AUTHORITY\\NetworkService."}], "id": "CVE-2023-7043", "lastModified": "2024-02-09T01:00:15.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security@eset.com", "type": "Secondary"}]}, "published": "2024-01-31T13:15:10.147", "references": [{"source": "security@eset.com", "tags": ["Vendor Advisory"], "url": "https://support.eset.com/en/ca8602"}], "sourceIdentifier": "security@eset.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-428"}], "source": "security@eset.com", "type": "Secondary"}]}