CVE-2023-3160: ESET Security Products for Windows Vulnerable to Privilege Escalation Attack
A local privilege escalation vulnerability has been discovered in ESET security products for Windows that could allow a local authenticated attacker to gain elevated privileges on the system. The vulnerability, tracked as CVE-2023-3160, has a CVSS score of 7.8 and is rated HIGH severity.
The vulnerability exists in the ekrn service, which is responsible for updating ESET products. An attacker could exploit the vulnerability by creating a specially crafted symbolic link that would allow them to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
To exploit the vulnerability, an attacker would first need to log on to the system as a local authenticated user. They could then use the ESET GUI to plant the malicious files required for the attack into specific folders. Once those files are in place, the attacker could abuse file operations performed by ESET’s updater component to possibly delete or move an arbitrary file. This would create the conditions necessary for the attacker to exploit the vulnerability and gain elevated privileges.
The vulnerability affects a wide range of ESET products for Windows. Here’s a list of the affected ESET products:
- ESET NOD32 Antivirus
- ESET Internet Security
- ESET Smart Security Premium
- ESET Endpoint Antivirus and ESET Endpoint Security
- ESET Server Security for Windows Server (File Security)
- ESET Mail Security for Microsoft Exchange Server
- ESET Mail Security for IBM Domino
- ESET Security for Microsoft SharePoint Server
There are no known exploits that take advantage of this vulnerability in the wild, but it is important to patch affected ESET products as soon as possible. ESET has released an update with HIPS support module 1463 to patch the CVE-2023-3160 vulnerability in already installed products. This update was distributed automatically, so affected users should have already received it.