MicroWorld eScan Anti-Virus runasroot incorrect execution-assigned permissions
CVE-2023-4383

7.8HIGH

Key Information:

Vendor

MicroWorld

Status
eScan Anti-Virus
Vendor
CVE Published:
16 August 2023

What is CVE-2023-4383?

A local permissions vulnerability has been identified in MicroWorld eScan Anti-Virus, specifically in version 7.0.32 for Linux. This flaw involves the runasroot file and can result in the incorrect assignment of execution permissions. Attackers with local access to the system could potentially exploit this weakness. The vendor was informed about the disclosure but has not responded, increasing concerns about the vulnerability's mitigation. Public knowledge of this exploit may expose users to increased risk.

Affected Version(s)

eScan Anti-Virus 7.0.32

References

https://vuldb.com/?id.237315
vdb-entrytechnical-description
https://vuldb.com/?ctiid.237315
signaturepermissions-required
https://gist.github.com/dmknght/ac489cf3605ded09b3925521a...
exploit

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dmknght (VulDB User)
.