CVE-2024-7400
CVE-2024-7400 is a high-severity vulnerability with a CVSS 4.0 base score of 8.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-1386.
Key facts
- Severity: High (CVSS 4.0 base score 8.5)
- EPSS exploit prediction: 0% (13th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-48331
- Weakness: CWE-1386
- Published:
- Last modified:
Description
The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.
Frequently asked questions
- What is CVE-2024-7400?
- The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.
- How severe is CVE-2024-7400?
- CVE-2024-7400 has a CVSS 4.0 base score of 8.5, rated high severity.
- Is CVE-2024-7400 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (13th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2024-7400?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2024-7400 have an EU (EUVD) identifier?
- Yes. CVE-2024-7400 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-48331.
- When was CVE-2024-7400 published?
- CVE-2024-7400 was published on 2024-09-27 and last updated on 2026-06-17.
References
Other CWE-1386 vulnerabilities
- CVE-2025-58074 — High (CVSS 8.8): A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A…
- CVE-2024-36340 — Medium (CVSS 6.6): A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points,…
- CVE-2026-41116 — Medium (CVSS 6.3): Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access…
- CVE-2023-40623 — Medium (CVSS 6.2): SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory…
- CVE-2023-23698 — Medium (CVSS 5.5): Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on…
- CVE-2023-32470 — Medium (CVSS 5.0): Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point…