CVE-2022-27167

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.

Published: May 10, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-27167
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-755

Affected Software
References

Software	From	Fixed in
eset / smart_security	11.2	15.1.12.0
eset / internet_security	11.2	15.1.12.0
eset / nod32_antivirus	11.2	15.1.12.0
eset / endpoint_antivirus	9.0	9.0.2046.0
eset / endpoint_antivirus	8.1	8.1.2050.0
eset / endpoint_antivirus	6.0	8.0.2053.0
eset / endpoint_security	9.0	9.0.2046.0
eset / endpoint_security	8.1	8.1.2050.0
eset / endpoint_security	6.0	8.0.2053.0
eset / security	6.0	8.0.15009.0
eset / mail_security	6.0	8.0.14011.0
eset / mail_security	6.0	8.0.10020.0
eset / server_security	6.0	6.0.x
eset / file_security	6.0	8.0.12013.0
eset / server_security	8.0	9.0.12012.0

https://support.eset.com/en/ca8268

Vulnerability Database

289,599

CVE-2022-27167