Published:2021/10/29  Last Updated:2021/10/29

JVN#60553023
ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)

Overview

ESET Cyber Security and ESET Endpoint series for macOS contain a denial-of-service (DoS) vulnerability.

Products Affected

  • ESET Cyber Security 6.10.700 and earlier
  • ESET Cyber Security Pro 6.10.700 and earlier
  • ESET Endpoint Antivirus for macOS 6.10.910.0 and earlier
  • ESET Endpoint Security for macOS 6.10.910.0 and earlier

Description

ESET Cyber Security and ESET Endpoint series are antivirus software. ESET Cyber Security and ESET Endpoint series for macOS contain a denial-of-service (DoS) vulnerability (CWE-404).

Impact

If it is exploited, an attacker may cause a denial-of-service (DoS) to stop the applications and all daemons of the affected products.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the versions listed below that address the vulnerability.

  • ESET Cyber Security 6.11.2.0
  • ESET Cyber Security Pro 6.11.2.0
  • ESET Endpoint Antivirus for macOS 6.11.1.0
  • ESET Endpoint Security for macOS 6.11.1.0

Vendor Status

Vendor Link
ESET [CA8151] Denial of service vulnerability in ESET products for macOS fixed
ESET INTERNET SECURITY

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score: 5.5
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:L/AC:L/Au:S/C:N/I:N/A:P
Base Score: 1.7
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

Zhou Tingrui of Kaijo Junior & Senior High School reported this vulnerability to the developer and IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2021-37850
JVN iPedia JVNDB-2021-000098