Hacking a victim via ESET AntiVirus and escalating privileges to administrator

Even the most experienced cybersecurity professionals are not immune to the risks posed by an environment that is always shifting and changing because of cybersecurity. ESET, a worldwide pioneer in the provision of cybersecurity solutions, has only lately uncovered a vulnerability in its Linux and macOS software that is of a very severe kind. The security vulnerability, which has been given the identification number CVE-2023-2847, is a local privilege escalation vulnerability. It has a CVSS v3.1 score of 7.8, which indicates that it has the potential to pose a high risk to users.

This possible vulnerability may have allowed inappropriate access and control to cybercriminals, placing sensitive data in jeopardy.During periodic security checks, ESET found the vulnerability, which highlights how important it is to have such frequent operations in order to keep the security and integrity of software systems intact. On a device that had the vulnerable ESET product installed, it was possible for a user with lesser rights to activate actions with root-level capabilities, which are the highest level of privileges available on the device. This is an intriguing possibility. This flaw made it possible for unscrupulous users to exploit computers in a variety of harmful ways, including gaining unauthorized access to data and taking control of available system resources.

Products such as ESET Server Security for Linux versions 9.1.96.0, 9.0.464.0, 8.1.820.0, and earlier, ESET Endpoint Antivirus for Linux versions 9.1.4.0, 9.0.5.0, 8.1.7.0 and earlier, ESET Cyber Security from version 7.3 to version 7.3.2100.0, and ESET Endpoint Antivirus for macOS from version 7.0 to version 7.2.1600.0 were all affected by this vulnerability.

Because of the nature of the issue, the risk was not confined to simply personal devices but also included business systems. On the other hand, the fact that no attacks that take use of the CVE-2023-2847 vulnerability have been documented in the wild is a bright spot in this cloudy picture. ESET has already created and issued updated versions of its products, which eliminates this vulnerability. This action serves as a demonstration of the company’s dedication to security.

Versions 9.1.98.0, 9.0.466.0, 8.1.823.0 and later of ESET Server Security for Linux, ESET Endpoint Antivirus for Linux versions 9.1.11.0, 9.0.10.0 and 8.1.12.0 and later, ESET Cyber Security 7.3.3700.0 and later, and ESET Endpoint Antivirus for macOS 7.3.3600.0 and later are the unaffected, and therefore safe to use, versions of ESET products.

As a result of this finding, customers who use ESET products that are vulnerable should immediately upgrade their software to the most recent version in order to protect their computers from any unauthorized usage that may occur.