CVE-2023-7043 LOW

CVE-2023-7043: Unquoted path privilege vulnerability in ESET products for Windows

Vendor Eset, Spol. S R.o.
Product ESET Endpoint Security
Weakness CWE-428
Published January 31, 2024
Last update October 17, 2024

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.

Key dates

02Disclosure timeline

January 31, 2024 CVE published
October 17, 2024 Record updated