CVE-2022-27167: 
NixOS vulnerability analysis and mitigation

A privilege escalation vulnerability (CVE-2022-27167) was discovered in ESET Windows products, affecting multiple versions including ESET NOD32 Antivirus, Internet Security, Smart Security Premium, and various enterprise solutions. The vulnerability allows attackers to exploit the 'Repair' and 'Uninstall' features, potentially leading to arbitrary file deletion. The issue affects versions prior to 15.1.12.0 for consumer products and various versions of enterprise products (MITRE CVE).

The vulnerability received a CVSS v3 base score of 7.1 with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H, indicating a high severity local attack that requires low privileges and no user interaction. The vulnerability specifically targets the Repair and Uninstall functionality in ESET's Windows products, potentially enabling arbitrary file deletion (ESET Advisory).

If successfully exploited, the vulnerability allows attackers to perform arbitrary file deletion on the affected system through the manipulation of the product's Repair and Uninstall features. This could potentially lead to system instability or compromise of security features (ESET Advisory).

ESET addressed this vulnerability by releasing an automatic update of the Antivirus and antispyware scanner module (version 1587) on March 31, 2022, which was distributed automatically to installed products. For new installations, ESET recommended using the latest installers from the ESET website or repository. The fix was implemented in various product versions, including ESET NOD32 Antivirus 15.1.12.0, ESET Endpoint Security 9.0.2046.0, and other enterprise solutions (ESET Advisory).