CVE-2021-37850

Published on: 11/08/2021 12:00:00 AM UTC

Last Modified on: 11/17/2021 09:38:18 PM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Certain versions of Cyber Security from Eset contain the following vulnerability:

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.

  • CVE-2021-37850 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: ESET, spol. s r.o. - ESET Cyber Security version <= 6.10.700
  • Affected Vendor/Software: ESET, spol. s r.o. - ESET Cyber Security Pro version < 6.10.700
  • Affected Vendor/Software: ESET, spol. s r.o. - ESET Endpoint Antivirus for macOS version < 6.10.910.0
  • Affected Vendor/Software: ESET, spol. s r.o. - ESET Endpoint Security for macOS version < 6.10.910.0

CVSS3 Score: 5.5 - MEDIUM

| Attack Vector | Attack Complexity | Privileges Required | User Interaction |
|---|---|---|---|
| LOCAL | LOW | LOW | NONE |

| Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|
| UNCHANGED | NONE | HIGH | NONE |

CVSS2 Score: 2.1 - LOW

| Access Vector | Access Complexity | Authentication |
|---|---|---|
| LOCAL | LOW | NONE |

| Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|
| NONE | PARTIAL | NONE |

CVE References

| Description | Tags | Link |
|---|---|---|
| [CA8151] Denial of service vulnerability in ESET products for macOS fixed (support.eset.com, text/html) | | MISC support.eset.com/en/ca8151 |

Known Affected Configurations (CPE V2.3)

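| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eset | Cyber Security | All | All | All | All |
| Application | Eset | Cyber Security | All | All | All | All |
| Application | Eset | Endpoint Antivirus | All | All | All | All |
| Application | Eset | Endpoint Security | All | All | All | All |
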
  • cpe:2.3:a:eset:cyber_security:*:*:*:*:-:macos:*:*:
  • cpe:2.3:a:eset:cyber_security:*:*:*:*:pro:macos:*:*:
  • cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:-:macos:*:*:
  • cpe:2.3:a:eset:endpoint_security:*:*:*:*:-:macos:*:*:

Discovery Credit

ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to Teiei Shu (廷叡 周) who reported this issue.

Social Mentions

| Source | Title | Posted (UTC) |
|---|---|---|
| @p1atdev | The vulnerability I reported to ESET has been acknowledged? It is scheduled to be registered as CVE-2021-37850~ | 2021-10-05 11:35:57 |
| @autumn_good_35 | Privilege escalation vulnerability fixed in ESET products for macOS. CVE-2021-37850 [CA8151] Local privilege escalation vulnerability in ESET products for m… twitter.com/i/web/status/1… | 2021-10-22 07:00:47 |
| @autumn_good_35 | A DoS in an AV product is a real problem.... CVE-2021-37850 [CA8151] Denial of service vulnerability in ESET products for macOS fixed support.eset.com/en/ca8151-deni… | 2021-10-26 13:32:48 |
| @CVEreport | CVE-2021-37850 : ESET was made aware of a vulnerability in its consumer and business products for macOS that enable… twitter.com/i/web/status/1… | 2021-11-08 14:06:24 |