Products
ESET Antivirus
Source
security@eset.com
Tags
CVE-2024-7400 details
Published : Sept. 27, 2024, 7:15 a.m.
Last Modified : Sept. 27, 2024, 7:15 a.m.
Last Modified : Sept. 27, 2024, 7:15 a.m.
Description
The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-1386 | Insecure Operation on Windows Junction / Mount Point | The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere. |
References
| URL | Source |
|---|---|
| https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows | security@eset.com |
This website uses the NVD API, but is not approved or certified by it.