CVE-2024-7400

Local privilege escalation in ESET products for Windows

Description

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.

References

Link	Tags
https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows

Frequently Asked Questions

What is the severity of CVE-2024-7400?: CVE-2024-7400 has been scored as a high severity vulnerability.
How to fix CVE-2024-7400?: To fix CVE-2024-7400, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-7400 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-7400 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-7400?: CVE-2024-7400 affects ESET, spol. s r.o. ESET NOD32 Antivirus, ESET, spol. s r.o. ESET Internet Security, ESET, spol. s r.o. ESET Smart Security Premium, ESET, spol. s r.o. ESET Security Ultimate, ESET, spol. s r.o. ESET Small Business Security, ESET, spol. s r.o. ESET Safe Server, ESET, spol. s r.o. ESET Endpoint Antivirus, ESET, spol. s r.o. ESET Endpoint Security for Windows, ESET, spol. s r.o. ESET Server Security for Windows Server, ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server, ESET, spol. s r.o. ESET Mail Security for IBM Domino, ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server, ESET, spol. s r.o. ESET File Security for Microsoft Azure.

Description

Category

CWE-1386 – Insecure Operation on Windows Junction / Mount Point

References

Frequently Asked Questions