Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability
CVE-2023-42125

7.8HIGH

Key Information:

Vendor: Avast
Status: Premium Security
Vendor: CVE Published:; 3 May 2024

What is CVE-2023-42125?

A privilege escalation vulnerability exists in the Avast Premium Security Sandbox Protection, where local attackers can exploit a flaw in the implementation of the sandbox feature. By creating a symbolic link, attackers can manipulate the service to generate arbitrary namespace objects. This exploitation allows individuals with low-privileged access to escalate their privileges and execute arbitrary code in the context of the SYSTEM user, posing significant risks to system integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Premium Security Avast Premium Security 22.12.6044 (build 22.12.7758.769)

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1475/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 6, 2023

JSON

Avast

What is CVE-2023-42125?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.