Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability
CVE-2023-42124

5.3MEDIUM

Key Information:

Vendor: Avast
Status: Premium Security
Vendor: CVE Published:; 3 May 2024

What is CVE-2023-42124?

This vulnerability involves an incorrect authorization flaw within the sandbox feature of Avast Premium Security. Local attackers can leverage this issue to escalate their privileges, allowing them to execute arbitrary code outside of the sandbox environment. To exploit this vulnerability, an attacker must first run low-privileged code on the system where the affected product is installed. The flaw potentially compromises the overall security posture of systems utilizing this software unless appropriately mitigated.

Affected Version(s)

Premium Security Avast Premium Security 22.12.6044 (build 22.12.7758.769)

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1474/

x_research-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 6, 2023