CVE-2024-7234Link Following in Antivirus Free

CWE-59Link Following3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 74.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AVG Antivirus FreeAVG Antivirus
Timeline
PublishedNov 22
Latest updateNov 23

Description

AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerab

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5avg/antivirus_free23.9.8494.795
NVDavg/antivirus23.9.8494.795

🔴Vulnerability Details

2
GHSA
GHSA-mxvq-xmr3-fr4w: AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability2024-11-23
CVEList
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability2024-11-22
CVE-2024-7234 — Link Following in AVG Antivirus Free | cvebase