|
[Japanese]
|
JVNDB-2021-000098
|
ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)
|
|
ESET Cyber Security and ESET Endpoint series are antivirus software. ESET Cyber Security and ESET Endpoint series for macOS contain a denial-of-service (DoS) vulnerability (CWE-404).
Zhou Tingrui of Kaijo Junior & Senior High School reported this vulnerability to the developer and IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 5.5 (Medium) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 1.7 (Low) [IPA Score]
- Access Vector: Local
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Partial
|
|
|
ESET
- ESET Cyber Security 6.10.700 and earlier
- ESET Cyber Security Pro 6.10.700 and earlier
- ESET Endpoint Antivirus for macOS 6.10.910.0 and earlier
- ESET Endpoint Security for macOS 6.10.910.0 and earlier
|
|
|
If it is exploited, an attacker may cause a denial-of-service (DoS) to stop the applications and all daemons of the affected products.
|
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
The developer has released the versions listed below that address the vulnerability.
* ESET Cyber Security 6.11.2.0
* ESET Cyber Security Pro 6.11.2.0
* ESET Endpoint Antivirus for macOS 6.11.1.0
* ESET Endpoint Security for macOS 6.11.1.0
|
|
ESET
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2021-37850
|
|
- JVN : JVN#60553023
|
|
- [2021/10/29]
Web page was published
|
