CVE-2022-27167 — HIGH (7.1)

Q: How severe is CVE-2022-27167?

CVE-2022-27167 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-27167?

Check the references section above for vendor advisories and patch information. Affected products include: Eset Endpoint Antivirus, Eset Endpoint Security, Eset File Security, Eset Internet Security, Eset Mail Security.

Vulnerability Description

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Eset	Endpoint Antivirus	>= 6.0, < 8.0.2053.0
Eset	Endpoint Security	>= 6.0, < 8.0.2053.0
Eset	File Security	>= 6.0, < 8.0.12013.0
Eset	Internet Security	>= 11.2, < 15.1.12.0
Eset	Mail Security	>= 6.0, < 8.0.10020.0
Eset	Nod32 Antivirus	>= 11.2, < 15.1.12.0
Eset	Security	>= 6.0, < 8.0.15009.0
Eset	Server Security	>= 6.0
Eset	Smart Security	>= 11.2, < 15.1.12.0

Related Weaknesses (CWE)

CWE-280 CWE-755

References

https://support.eset.com/en/ca8268Vendor Advisory
https://support.eset.com/en/ca8268Vendor Advisory

FAQ

What is CVE-2022-27167?

CVE-2022-27167 is a vulnerability with a CVSS score of 7.1 (HIGH). Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ...

How severe is CVE-2022-27167?

CVE-2022-27167 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-27167?

Check the references section above for vendor advisories and patch information. Affected products include: Eset Endpoint Antivirus, Eset Endpoint Security, Eset File Security, Eset Internet Security, Eset Mail Security.