Multiple Privilege Escalation Vulnerabilities in Avast Antivirus
CVE-2021-45338

7.8HIGH

Key Information:

Vendor

Avast

Status
Antivirus
Vendor
CVE Published:
27 December 2021

What is CVE-2021-45338?

Multiple vulnerabilities in Avast Antivirus, prior to version 20.4, enable a local user to exploit powerful internal methods of the antivirus service. This could result in unauthorized actions such as arbitrary file deletion, writing files, and resetting security settings. These vulnerabilities pose significant risks to user data and system integrity, highlighting the necessity for timely updates and robust security measures.

References

https://www.avast.com/hacker-hall-of-fame/en/researcher-d...
x_refsource_MISC
https://github.com/the-deniss/Vulnerability-Disclosures/t...
x_refsource_MISC
https://github.com/the-deniss/Vulnerability-Disclosures/t...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-45338 : Multiple Privilege Escalation Vulnerabilities in Avast Antivirus