Security Vulnerability CVE-2020-26941 for ESET Endpoint Security

description-logoDescription

A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. This affects ESET Endpoint Security before 7.3.

affected-products-logoAffected Applications

ESET Endpoint Security

CVE References

CVE-2020-26941