CVE-2021-45337

Опубликовано: 27 дек. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 7.2

EPSS Низкий

Описание

Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection.

Ссылки

https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5
Exploit
Third Party Advisory
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0
Vendor Advisory
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5
Exploit
Third Party Advisory
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:*

Версия до 20.8 (исключая)

EPSS

Процентиль: 22%

0.00074

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-p4fv-c2p2-rfjh