Local Privilege Escalation in MicroWorld eScan Antivirus on Linux
CVE-2024-13188

4.8MEDIUM

Key Information:

Vendor

Microworld

Status
Escan Antivirus
Vendor
CVE Published:
8 January 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-13188?

A significant vulnerability has been identified in MicroWorld eScan Antivirus 7.0.32 on Linux, specifically within the Installation Handler component. This flaw exposes a critical issue with the default permissions of the file located at /opt/MicroWorld/var/. An attacker can manipulate these permissions, leading to potential unauthorized access. Exploitation of this vulnerability requires local access to the target system. The exploit has been publicly disclosed, raising concerns about the need for immediate remediation. Despite early notifications to the vendor, no response has been recorded, highlighting the urgency for users to evaluate and address their security measures.

Affected Version(s)

eScan Antivirus 7.0.32

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-13188 - Proof of Concept

References

https://vuldb.com/?id.290780
vdb-entry
https://vuldb.com/?ctiid.290780
signaturepermissions-required
https://vuldb.com/?submit.468796
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.
CVE-2024-13188 : Local Privilege Escalation in MicroWorld eScan Antivirus on Linux