Vulnerability Description
Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.
CVSS Score
3.3
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eset | Endpoint Antivirus | >= 10.1.2046.0, < 11.0.2032.0 |
| Eset | Endpoint Security | >= 10.1.2046.0, < 11.0.2032.0 |
| Eset | Internet Security | >= 16.1.14.0, < 17.0.15.0 |
| Eset | Mail Security | 10.1.10012.0 |
| Eset | Nod32 Antivirus | >= 16.1.14.0, < 17.0.15.0 |
| Eset | Smart Security Premium | >= 16.1.14.0, < 17.0.15.0 |
Related Weaknesses (CWE)
References
- https://support.eset.com/en/ca8602Vendor Advisory
- https://support.eset.com/en/ca8602Vendor Advisory
FAQ
What is CVE-2023-7043?
CVE-2023-7043 is a vulnerability with a CVSS score of 3.3 (LOW). Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.
How severe is CVE-2023-7043?
CVE-2023-7043 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-7043?
Check the references section above for vendor advisories and patch information. Affected products include: Eset Endpoint Antivirus, Eset Endpoint Security, Eset Internet Security, Eset Mail Security, Eset Nod32 Antivirus.