Vulnerability Details : CVE-2023-2847
During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges, due to improper privilege management, to trigger actions with root privileges.
ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.
Vulnerability category: Gain privilege
Products affected by CVE-2023-2847
- cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:macos:*:*
- cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:linux_kernel:*:*
- Eset » Endpoint Antivirus » For Linux Kernel, versions from including (>=) 9.1.4.0 and before (<) 9.1.11.0: cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:linux_kernel:*:*
- Eset » Endpoint Antivirus » For Linux Kernel, versions from including (>=) 9.0.5.0 and before (<) 9.0.10.0: cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:linux_kernel:*:*
- cpe:2.3:a:eset:cyber_security:*:*:*:*:*:*:*:*
- Eset » Server Security » For Linux Kernel, versions from including (>=) 9.1.96.0 and before (<) 9.1.98.0: cpe:2.3:a:eset:server_security:*:*:*:*:*:linux_kernel:*:*
- cpe:2.3:a:eset:server_security:*:*:*:*:*:linux_kernel:*:*
- Eset » Server Security » For Linux Kernel, versions from including (>=) 9.0.464.0 and before (<) 9.0.466.0: cpe:2.3:a:eset:server_security:*:*:*:*:*:linux_kernel:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2847
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-2847
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | 1.1 | 6.0 | ESET | |
CWE ids for CVE-2023-2847
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Assigned by:
- nvd@nist.gov (Primary)
- security@eset.com (Secondary)
References for CVE-2023-2847
- https://support.eset.com/en/ca8447
  [CA8447] Customer Advisory: Local privilege escalation vulnerability in ESET products for Linux and macOS fixed (Vendor Advisory)