Local Privilege Escalation Vulnerability in Norton Utilities by NortonLifeLock
CVE-2024-13944

7.8HIGH

Key Information:

Vendor: Norton
Status: Norton Utilities Ultimate; Cleanup; Tuneup
Vendor: CVE Published:; 9 May 2025

What is CVE-2024-13944?

A local privilege escalation vulnerability exists in Norton Utilities Ultimate, specifically version 24.2.16862.6344. This flaw allows local attackers to create a symbolic link that exploits a TOCTTOU (time-of-check to time-of-use) vulnerability, enabling them to escalate their privileges and execute arbitrary code with SYSTEM-level access. This could potentially lead to unauthorized access and manipulation of sensitive system resources.

Affected Version(s)

CleanUp Windows 0 <= 24.3.17165.19178

Norton Utilities Ultimate Windows 0 <= 24.3.17165.6812

TuneUp Windows 0 <= 24.3.17165.10564

References

https://www.gendigital.com/us/en/contact-us/security-advi...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 6, 2025

Credit

Vladislav Berghici of Trend Micro Research

Zero Day Initiative