CVE-2024-3779

Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.eset.com/en/ca8688	Vendor Advisory
https://support.eset.com/en/ca8688	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:eset:internet_security::::::::
	cpe:2.3:a:eset:nod32::::::::
	cpe:2.3:a:eset:security:::::ultimate:::*
	cpe:2.3:a:eset:smart_security:::::premium:::*

Configuration 2 (hide)

OR	cpe:2.3:a:eset:endpoint_antivirus::::::windows::*
	cpe:2.3:a:eset:endpoint_security::::::windows::*

Configuration 3 (hide)

cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*

Configuration 4 (hide)

cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*

Configuration 5 (hide)

cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*

Configuration 6 (hide)

cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*

History

No history.

Information

Published : 2024-07-16 09:15

Updated : 2024-11-21 09:30

NVD link : CVE-2024-3779

Mitre link : CVE-2024-3779

CVE.ORG link : CVE-2024-3779

JSON object : View

Products Affected

eset

smart_security
nod32
endpoint_antivirus
internet_security
mail_security
server_security
security
endpoint_security

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2024-3779", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@eset.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-07-16T09:15:02.877", "references": [{"url": "https://support.eset.com/en/ca8688", "tags": ["Vendor Advisory"], "source": "security@eset.com"}, {"url": "https://support.eset.com/en/ca8688", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@eset.com", "description": [{"lang": "en", "value": "CWE-276"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET\u2019s security product inoperable, provided non-default preconditions were met."}, {"lang": "es", "value": "La vulnerabilidad de denegaci\u00f3n de servicio presente poco despu\u00e9s de la instalaci\u00f3n o actualizaci\u00f3n del producto, potencialmente permiti\u00f3 que un atacante dejara inoperable el producto de seguridad de ESET, siempre que se cumplieran condiciones previas no predeterminadas."}], "lastModified": "2024-11-21T09:30:22.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B883CA27-1FC9-4AF6-9BBD-6FC41DE3A667", "versionEndExcluding": "17.2.7.0"}, {"criteria": "cpe:2.3:a:eset:nod32:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "620325BE-DDE6-4ADE-BB6A-36CA8E48A30A", "versionEndExcluding": "17.2.7.0"}, {"criteria": "cpe:2.3:a:eset:security:*:*:*:*:ultimate:*:*:*", "vulnerable": true, "matchCriteriaId": "0EB1BEC6-15AD-4B95-A954-814594AE8FCB", "versionEndExcluding": "17.2.7.0"}, {"criteria": "cpe:2.3:a:eset:smart_security:*:*:*:*:premium:*:*:*", "vulnerable": true, "matchCriteriaId": "B5D76653-60CC-4107-A027-02E2A1B255DE", "versionEndExcluding": "17.2.7.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "102DE882-64EA-4752-9722-2EAE0074BF91", "versionEndExcluding": "11.1.2039.0"}, {"criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "56305C95-A7D6-49BC-8CEE-5EA343190842", "versionEndExcluding": "11.1.2039.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*", "vulnerable": true, "matchCriteriaId": "9F9E6C2C-AA89-4377-B0A0-6B3B36209B90", "versionEndExcluding": "11.0.12012.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*", "vulnerable": true, "matchCriteriaId": "A8906CBA-D3F0-4BC1-B32A-11D4425EE784", "versionEndIncluding": "11.0.10008.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*", "vulnerable": true, "matchCriteriaId": "5043B5B1-38B2-4621-B738-A79E5DF8D98E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*", "vulnerable": true, "matchCriteriaId": "61BC0A21-A589-48B5-9D35-E0E8749EDFDB", "versionEndExcluding": "11.0.15004.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@eset.com"}