CVE-2022-27167 Vulnerability Details

/ / /

CVE-2022-27167 Metadata Quick Info

CVE Published: 10/05/2022 | CVE Updated: 16/09/2024 | CVE Year: 2022
Source: ESET | Vendor: ESET, spol. s r.o. | Product: ESET NOD32 Antivirus
Status : PUBLISHED

CVE-2022-27167 Description

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.

Metrics

CVSS Version: 3.1 | Base Score: 7.1 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

l➤ Exploitability Metrics:
Attack Vector (AV)* LOCAL
Attack Complexity (AC)* LOW
Privileges Required (PR)* LOW
User Interaction (UI)* NONE
Scope (S)* UNCHANGED

l➤ Impact Metrics:
Confidentiality Impact (C)* NONE
Integrity Impact (I)* HIGH
Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-280
CWE Name: CWE-280 Improper Handling of Insufficient Permissions or Privileges
Source: ESET, spol. s r.o.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:

Source: NVD (National Vulnerability Database).