virus logo FortiClient Vulnerability

Security Vulnerability cve-2020-26941 for ESET Endpoint Antivirus

description-logoDescription

A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET Endpoint Antivirus versions 7.3 and lower.

affected-products-logoAffected Applications

ESET Endpoint Antivirus

CVE References

CVE-2020-26941

Other References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=cve-2020-26941
ID 2260
Created Jul 14, 2021
Description
Updated		 Feb 16, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor ESET
Patch manual
Application ESET Endpoint Antivirus