Vulnerability Details : CVE-2021-45338
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service, which could lead to (1) arbitrary file delete, (2) write and (3) reset security.
Vulnerability category: Gain privilege
Products affected by CVE-2021-45338
- cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-45338
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 8%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-45338
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
References for CVE-2021-45338
- https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.2
  Vulnerability-Disclosures/CVE-2021-AVST1.2 at main · the-deniss/Vulnerability-Disclosures · GitHub (Exploit; Third Party Advisory)
- https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.3
  Vulnerability-Disclosures/CVE-2021-AVST1.3 at main · the-deniss/Vulnerability-Disclosures · GitHub (Exploit; Third Party Advisory)
- https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0
  Researcher Wladimir Palant supports Avast's efforts to protect its users, by submitting vulnerability reports (Vendor Advisory)
- https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.1
  Vulnerability-Disclosures/CVE-2021-AVST1.1 at main · the-deniss/Vulnerability-Disclosures · GitHub (Exploit; Third Party Advisory)