ASA-2019-00564 – ESET Cyber Security, Endpoint Antivirus and Endpoint Security: Local privilege escalation vulnerability


Allele Security Alert

ASA-2019-00564

Identifier(s)

ASA-2019-00564, CVE-2019-16519, CA7317

Title

Local privilege escalation vulnerability

Vendor(s)

ESET

Product(s)

ESET Cyber Security

ESET Endpoint Antivirus

ESET Endpoint Security

Affected version(s)

ESET Cyber Security versions before 6.7.900.0

ESET Cyber Security Pro versions before 6.7.900.0

ESET Endpoint Antivirus for macOS versions before 6.7.900.0

ESET Endpoint Security for macOS versions before 6.7.900.0

Fixed version(s)

ESET Cyber Security version 6.8.1.0

ESET Cyber Security Pro version 6.8.1.0

ESET Endpoint Antivirus for macOS version 6.8.1.0

ESET Endpoint Security for macOS version 6.8.1.0

Proof of concept

Unknown

Description

It was possible for an attacker to misuse the communication channel between the ESET GUI and the ESET daemon to send a command to alter the configuration. This was possible due to a flaw in the process used to verify the user sending the command.

Technical details

Unknown

Credits

Cees Elzinga (Langkjaer Cyber Defence A/S)

Reference(s)

Local privilege escalation vulnerability in ESET products for macOS fixed
http://support.eset.com/ca7317/?viewlocale=en_US

CVE-2019-16519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16519

CVE-2019-16519
https://nvd.nist.gov/vuln/detail/CVE-2019-16519

If there is any error in this alert or you would like a comprehensive analysis, let us know.

Last modified: October 14, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.