CVE-2021-45335Incorrect Default Permissions in Antivirus

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 59.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Avast Antivirus
Timeline
PublishedDec 27
Latest updateDec 28

Description

Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages1 packages

NVDavast/antivirus< 20.4

🔴Vulnerability Details

2
GHSA
GHSA-gjmr-rw74-6fvm: Sandbox component in Avast Antivirus prior to 202021-12-28
CVEList
CVE-2021-45335: Sandbox component in Avast Antivirus prior to 202021-12-27
CVE-2021-45335 — Incorrect Default Permissions in Avast | cvebase