The esets_daemon service in ESET Endpoint Antivirus for macOS prior to 6.4.168.0 and Endpoint Security for macOS prior to 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle malicious users to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eset endpoint security 6.3.70.1 |
||
eset endpoint antivirus 6.3.70.1 |