Vulnerability Name:

CVE-2016-9892 (CCN-122372)

Assigned: 2016-12-07
Published: 2017-02-27
Updated: 2017-03-16
Summary: The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate.
Note: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.
CVSS v3 Severity: 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-295
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2016-9892

Source: MISC
Type: Exploit, Third Party Advisory
http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html

Source: CCN
Type: Full-Disclosure Mailing List, Mon, 27 Feb 2017 10:27:36 -0800
CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6

Source: FULLDISC
Type: Exploit, Mailing List
20170227 CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6

Source: CONFIRM
Type: Vendor Advisory
http://support.eset.com/ca6333/

Source: BID
Type: Third Party Advisory, VDB Entry
96462

Source: CCN
Type: BID-96462
ESET Endpoint Antivirus CVE-2016-9892 Remote Code Execution Vulnerability

Source: XF
Type: UNKNOWN
eset-endpoint-cve20169892-code-exec(122372)

Source: CCN
Type: Packet Storm Security [02-27-2017]
ESET Endpoint Antivirus 6 Remote Code Execution

Source: CCN
Type: ESET Web site
Endpoint Antivirus

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:eset:endpoint_antivirus:6.3.70.1:*:*:*:*:macos:*:*
  • OR cpe:/a:eset:endpoint_security:6.3.70.1:*:*:*:*:macos:*:*

Configuration CCN 1:
  • cpe:/a:eset:endpoint_antivirus:6.3.70.1:*:*:*:*:macos:*:*

* Denotes that component is vulnerable
    eset endpoint antivirus 6.3.70.1
    eset endpoint security 6.3.70.1
    eset endpoint antivirus 6.3.70.1