CVE-2022-4429

Published: Jan 10, 2023Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78

Affected (1)

Products: Avira: Avira Security

Avira

1 product

Avira Security

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avira Avira Security	Before 1.1.78

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (2)

https://support.norton.com/sp/static/external/tools/security-advisories.html

Source: security@nortonlifelock.com

Vendor Advisory

https://support.norton.com/sp/static/external/tools/security-advisories.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.