CVE-2021-45338

Published: Dec 27, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.

Affected (1)

Products: Avast: Antivirus

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avast Antivirus	Before 20.4

References (8)

https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.1

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.2

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.3

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0

Source: cve@mitre.org

Vendor Advisory

https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.3

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.