CVE-2023-2847 HIGH

CVE-2023-2847: Local privilege escalation in ESET products for Linux and MacOS

Weakness CWE-269
Published June 15, 2023
Last update December 12, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.

Key dates

02Disclosure timeline

June 15, 2023 CVE published
December 12, 2024 Record updated