CVE-2022-3368Incorrect Default Permissions in Avira Security FOR Windows

CWE-276Incorrect Default PermissionsCWE-269Improper Privilege Management3 documents3 sources
Severity
8.8HIGHNVD
CNA7.3
EPSS
4.8%
top 10.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nortonlifelock Avira Security FOR WindowsAvira Security
Timeline
PublishedOct 17
Latest updateOct 18

Description

A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5nortonlifelock/avira_security_for_windowsall1.1.71.30554
NVDavira/avira_security1.1.71.30554

🔴Vulnerability Details

2
GHSA
GHSA-9pgf-v4c5-vh54: A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to es2022-10-18
CVEList
Software Updater of Avira Security for Windows vulnerable to Privilege Escalation2022-10-17
CVE-2022-3368 — Incorrect Default Permissions | cvebase