CVE-2021-45338Improper Privilege Management in Antivirus

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 78.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Avast Antivirus
Timeline
PublishedDec 27
Latest updateDec 28

Description

Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDavast/antivirus< 20.4

🔴Vulnerability Details

2
GHSA
GHSA-9v35-rf4g-xvc2: Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 202021-12-28
CVEList
CVE-2021-45338: Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 202021-12-27
CVE-2021-45338 — Improper Privilege Management in Avast | cvebase