Hidden functionality in Eset products - CVE-2019-16519
Published: October 17, 2019
Vulnerability identifier: #VU21925
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-16519
CWE-ID: CWE-912
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Eset
Affected software:
ESET Cyber Security
ESET Endpoint Security for macOS
ESET Endpoint Antivirus for macOS
ESET Cyber Security
ESET Endpoint Security for macOS
ESET Endpoint Antivirus for macOS
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to presence of an undocumented feature in scheduled tasks. A local user can execute arbitrary code with root privileges.
How to mitigate CVE-2019-16519
Install updates from vendor's website.