{"id":168795,"date":"2024-09-23T17:43:59","date_gmt":"2024-09-23T17:43:59","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=168795"},"modified":"2024-09-23T17:44:01","modified_gmt":"2024-09-23T17:44:01","slug":"eset-local-privilege-escalation-vulnerabilities","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/168795\/security\/eset-local-privilege-escalation-vulnerabilities.html","title":{"rendered":"ESET fixed two privilege escalation flaws in its products"},"content":{"rendered":"
<\/div>\n

ESET addressed two local privilege escalation vulnerabilities in security products for Windows and macOS operating systems.<\/h2>\n\n\n\n

Cybersecurity firm ESET released security patches for two local privilege escalation vulnerabilities impacting Windows and macOS products.<\/p>\n\n\n\n

The first vulnerability, tracked as CVE-2024-7400 (CVSS score of 7.3), could allow an attacker to misuse ESET\u2019s file operations during the removal of a detected file to delete files without having proper permissions to do so.<\/p>\n\n\n\n

The vulnerability impacts Windows OS, Positive Technologies Dmitriy Zuzlov reported the issue to ESET.<\/p>\n\n\n\n

“The vulnerability in the file operations handling during the removal of a detected file potentially allowed an attacker with an ability to execute low-privileged code on the target system to delete arbitrary files, thus escalating their privileges.” reads<\/strong><\/a> the advisory. “ESET fixed the issue in the Cleaner module 1251, which was distributed automatically to ESET customers along with Detection engine updates. No action stemming from this advisory is required to be taken by ESET customers.”<\/em><\/p>\n\n\n\n

The vulnerability impacts the following programs and versions:<\/p>\n\n\n\n