CVE-2024-7400

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.

CVSS

No CVSS.

References

Link	Resource
https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows

Configurations

No configuration.

History

30 Sep 2024, 12:46

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad potencialmente permitió a un atacante hacer un mal uso de las operaciones de archivos de ESET durante la eliminación de un archivo detectado en el sistema operativo Windows para eliminar archivos sin tener los permisos adecuados para hacerlo.

27 Sep 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-27 07:15

Updated : 2024-09-30 12:46

NVD link : CVE-2024-7400

Mitre link : CVE-2024-7400

CVE.ORG link : CVE-2024-7400

JSON object : View

Products Affected

No product.

CWE

CWE-1386

Insecure Operation on Windows Junction / Mount Point

{"id": "CVE-2024-7400", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@eset.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.5, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-27T07:15:03.387", "references": [{"url": "https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows", "source": "security@eset.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@eset.com", "description": [{"lang": "en", "value": "CWE-1386"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability potentially allowed an attacker to misuse ESET\u2019s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so."}, {"lang": "es", "value": "La vulnerabilidad potencialmente permiti\u00f3 a un atacante hacer un mal uso de las operaciones de archivos de ESET durante la eliminaci\u00f3n de un archivo detectado en el sistema operativo Windows para eliminar archivos sin tener los permisos adecuados para hacerlo."}], "lastModified": "2024-09-30T12:46:20.237", "sourceIdentifier": "security@eset.com"}