CVE-2023-51636Link Following in Prime

CWE-59Link Following3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 72.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Avira PrimeAvira Prime
Timeline
PublishedMay 22

Description

Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDavira/avira_prime< 6.27.19
CVEListV5avira/prime1.1.94.4

🔴Vulnerability Details

2
GHSA
GHSA-c2xc-682q-ghp8: Avira Prime Link Following Local Privilege Escalation Vulnerability2024-05-22
CVEList
Avira Prime Link Following Local Privilege Escalation Vulnerability2024-05-22
CVE-2023-51636 — Link Following in Avira Prime | cvebase