CVE-2022-4173

Published: Dec 6, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10.

Affected (2)

Products: Avast: Avast, Avg Antivirus

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Avast Avast	From 20.5 to 22.9
Avast Avg Antivirus	From 20.5 to 22.9

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://support.norton.com/sp/static/external/tools/security-advisories.html

Source: security@nortonlifelock.com

Third Party Advisory

https://support.norton.com/sp/static/external/tools/security-advisories.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.