CVE-2023-3160 – This vulnerability in ESET security software al... (How to Fix)

Q: What is the severity of CVE-2023-3160?

CVE-2023-3160 has a CVSS score of 7.8 (HIGH). This vulnerability in ESET security software allows attackers to abuse file operations during module updates to delete or move files without proper permissions. It affects ESET products on Windows systems, potentially enabling unauthorized file manipulation.

📋 TL;DR

This vulnerability in ESET security software allows attackers to abuse file operations during module updates to delete or move files without proper permissions. It affects ESET products on Windows systems, potentially enabling unauthorized file manipulation.

💻 Affected Systems

Products:

ESET Endpoint Antivirus
ESET Endpoint Security
ESET Server Security
ESET File Security
ESET Mail Security

Versions: Versions prior to 10.1.2046.0

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Windows versions of ESET products. Requires local access to the system.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker could delete critical system files, move sensitive data, or disrupt system operations by manipulating files without authorization.

🟠

Likely Case

Local attacker with limited privileges could delete or move user files, potentially causing data loss or system instability.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to non-critical file operations by authenticated users.

🌐 Internet-Facing: LOW - This appears to be a local privilege escalation requiring local access.

🏢 Internal Only: MEDIUM - Internal users with limited privileges could exploit this to manipulate files beyond their intended permissions.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of the vulnerability. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.1.2046.0 and later

Vendor Advisory: https://support.eset.com/en/ca8466

Restart Required: Yes

Instructions:

1. Open ESET product interface. 2. Navigate to Update section. 3. Click 'Check for updates'. 4. Install available updates. 5. Restart computer when prompted.

🔧 Temporary Workarounds

Disable automatic updates

windows

Temporarily disable automatic module updates to prevent exploitation during update process

Open ESET interface > Setup > Advanced setup > Update > Profile > Uncheck 'Enable automatic update'

🧯 If You Can't Patch

Implement strict access controls to limit local user privileges
Enable file integrity monitoring to detect unauthorized file operations

🔍 How to Verify

Check if Vulnerable:

Check ESET product version in the application interface under Help > About

Check Version:

Open ESET interface and navigate to Help > About

Verify Fix Applied:

Verify version is 10.1.2046.0 or higher in Help > About section

📡 Detection & Monitoring

Log Indicators:

Unexpected file deletion/movement events during ESET updates
Access denied errors for file operations by ESET processes

Network Indicators:

Unusual update patterns from ESET servers

SIEM Query:

source="eset_logs" AND (event_type="file_operation" AND result="denied") OR (process="ekrn.exe" AND operation="move_file" OR operation="delete_file")

📊 Metadata

CVE ID: CVE-2023-3160

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-269

Published: August 14, 2023

Last Updated: November 21, 2024

🔗 References

https://support.eset.com/en/ca8466 Vendor Advisory
https://support.eset.com/en/ca8466 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-3160, you might also want to check these: