Vulnerability Details : CVE-2021-45335
Potential exploit
Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.
Products affected by CVE-2021-45335
- cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-45335
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-45335
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
2.0
|
6.0
|
NIST |
CWE ids for CVE-2021-45335
-
During installation, installed file permissions are set to allow anyone to modify those files.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-45335
-
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5
Vulnerability-Disclosures/CVE-2021-AVST3 & CVE-2021-AVST4 & CVE-2021-AVST5 at main · the-deniss/Vulnerability-Disclosures · GitHubExploit;Third Party Advisory
-
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0
Researcher Wladimir Palant supports Avast's efforts to protect its users, by submitting vulnerability reportsVendor Advisory
Jump to