CVE-2021-45338

Опубликовано: 27 дек. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.

Ссылки

https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.1
Exploit
Third Party Advisory
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.2
Exploit
Third Party Advisory
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.3
Exploit
Third Party Advisory
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0
Vendor Advisory
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.1
Exploit
Third Party Advisory
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.2
Exploit
Third Party Advisory
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.3
Exploit
Third Party Advisory
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:*

Версия до 20.4 (исключая)

EPSS

Процентиль: 22%

0.0007

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-9v35-rf4g-xvc2