CVE-2022-4294 — Improper Privilege Management in Antivirus

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

CNA7.1

EPSS

0.1%

top 69.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avast Antivirus AVG Antivirus Avira Security +5 more

Timeline

PublishedJan 10

Description

Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5nortonlifelock/avast_antivirusPrior to 22.10

▶CVEListV5nortonlifelock/norton_antivirus_windows_eraser_engineprior to 119.1.5.1

▶NVDavast/antivirus< 22.10

▶CVEListV5nortonlifelock/avg_antivirusPrior to 22.10

▶CVEListV5nortonlifelock/avira_securityprior to 1.1.78

🔴Vulnerability Details

GHSA

GHSA-69fr-p5cc-p429: Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an att↗2023-01-10

▶

CVEList

Norton, Avira, Avast and AVG Antivirus for Windows Privilege Escalation↗2023-01-10

▶