CVE-2023-7043— Unquoted path privilege vulnerability in ESET products for Windows

CVSS 3.3 · Low EPSS 0.06% · P18 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-7043

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Unquoted path privilege vulnerability in ESET products for Windows

Source: NVD (National Vulnerability Database)

Vulnerability Description

Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

未经引用的搜索路径或元素

Source: NVD (National Vulnerability Database)

Vulnerability Title

ESET Endpoint Security和ESET Endpoint Antivirus 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ESET Endpoint Antivirus和ESET Endpoint Security都是斯洛伐克ESET公司的产品。ESET Endpoint Antivirus是一个适用于中小型和大型企业的内部部署和基于云的反恶意软件和安全套件。用于反恶意软件、远程管理、端点安全、文件安全、防火墙、虚拟化安全、邮件安全、网络控制和机器人保护。ESET Endpoint Security是一种端点保护。用于消除恶意软件和网络钓鱼，在数据被盗时保护数据，并提供应用程序控制和其他高级功能。 ESET Endpoint

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
ESET, spol. s r.o.	ESET Endpoint Security	10.1.2046.x ~ 10.1.2063.x	-
ESET, spol. s r.o.	ESET Endpoint Antivirus	10.1.2046.x ~ 10.1.2063.x	-
ESET, spol. s r.o.	ESET NOD32 Antivirus	16.1.14.0 ~ 16.2.15.0	-
ESET, spol. s r.o.	ESET Internet Security	16.1.14.0 ~ 16.2.15.0	-
ESET, spol. s r.o.	ESET Smart Security Premium	16.1.14.0 ~ 16.2.15.0	-
ESET, spol. s r.o.	ESET Mail Security for Microsoft Exchange Server	10.1.10012.0	-

II. Public POCs for CVE-2023-7043

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-7043

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same vendor: ESET, spol. s r.o.

Same weakness: CWE-428

V. Comments for CVE-2023-7043

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-7043— Unquoted path privilege vulnerability in ESET products for Windows

I. Basic Information for CVE-2023-7043

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-7043

III. Intelligence Information for CVE-2023-7043

IV. Related Vulnerabilities

V. Comments for CVE-2023-7043

Leave a comment