CVE-2022-3368

Published: Oct 17, 2022Modified: May 10, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.

Affected (1)

Products: Avira: Avira Security

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avira Avira Security	Up to 1.1.71.30554

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://support.norton.com/sp/static/external/tools/security-advisories.html

Source: security@nortonlifelock.com

Vendor Advisory

https://support.norton.com/sp/static/external/tools/security-advisories.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.