CVE-2024-5102 | |
Severity/CVSSv4.0 |
Severity: High Score:7.3 Vector: CVSS:4.0/AV:L/AC:H/AT/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
References | https://nvd.nist.gov/vuln/detail/CVE-2024-5102 |
Impact | Escalation of privelage |
Description | A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2. |
Additional Recommendations, if any: | We encourage customers to ensure their security software is always updated to the latest version available. Acknowledgements Naor Hodorov |
NLOKSA1516 | Ttime-of-check to time-of-use (TOCTOU) can lead to local privilege escalation." |
Advisory Status | CLOSED |
Summary | The aswSnx.sys driver contains a time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system. |
Affected Products | Avast/AVG Antivirus 23.8 |
Issues | Mitigation The issue was fixed with Avast/AVG Antivirus version 23.9. AcknowledgementsWei Sheng Teo of Ensign InfoSecurity |
CVE-2023-5760 | |
Severity/CVSSv3 |
Severity: Low Score:3.9 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
References | https://nvd.nist.gov/vuln/detail/CVE-2023-5760 |
Impact | Escalation of privelage |
Description | A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system. |
Additional Recommendations, if any: | We encourage customers to ensure their security software is always updated to the latest version available. |
NLOKSA1515 | Integer Overflow Local Privilege Escalation Vulnerability |
Advisory Status | CLOSED |
Summary | A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation |
Affected Products | Avira Antivirus for Windows Endpointprotection.exe version before 1.0.2303.633 |
Issues | Mitigation Issue was fixed with Endpointprotection.exe version 1.0.2303.633 released on 03-04-2023. All users will receive the update automatically, no user action is required AcknowledgementsRac working with Trend Micro Zero Day Initiative |
CVE-2023-1900 | |
Severity/CVSSv3 |
Severity: High Score: 7.8 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References | https://nvd.nist.gov/vuln/detail/CVE-2023-1900 |
Impact | Integer Overflow Local Privilege Escalation Vulnerability |
Description | A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation. Issue was fixed with Endpointprotection.exe version 1.0.2303.633 |
Additional Recommendations, if any: | We encourage customers to ensure their security software is always updated to the latest version available. |
NLOKSA1511 | Avira Security for Windows - Denial of Service |
Advisory Status | CLOSED |
Summary | Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service |
Affected Products | Avira Security for Windows up to version 1.1.77 |
Issues | Mitigation Upgrade Avira Security for Windows to version 1.1.78. This version was released on 22 November 2022 to all customers. All users received the update automatically and do not need to take any action. AcknowledgementsYangHao / https://github.com/yanghaoi |
CVE-2022-4429 | |
Severity/CVSSv3 |
Severity: Medium Score: 5.3 Vector: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H&version=3.1 |
References | https://nvd.nist.gov/vuln/detail/CVE-2022-4429 |
Impact | Denial of Service |
Description | Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of ServiceThe issue was fixed with Avira Security version 1.1.78 |
Additional Recommendations, if any: | We encourage customers to ensure their security software are always updated to the latest version available. |
NLOKSA1510 | Norton, Avira, Avast and AVG Antivirus for Windows Privilege Escalation |
Advisory Status | CLOSED |
Summary | Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
Affected Products | Norton Antivirus Windows Eraser Engine Prior to 119.1.5.1Avira Security for Windows Prior to version 1.1.78Avast Antivirus Windows Prior to versions 22.10AVG Antivirus Windows Prior to versions 22.10 |
Issues | Mitigation Norton Antivirus: Run LiveUpdate, Updates to ERASER Engine 119.1.5.1, dated October 5th, 2022, or greaterAvira Antivirus: Upgrade Avira Security for Windows to version 1.1.78. This version was released on 22 November 2022 to all customers. All users received the update automatically and do not need to take any action.Avast and AVG Antivirus: Upgrade Avast and AVG Antivirus for Windows to version 22.10 released on 20 October 2022. By default, users of the affected versions should receive the update automatically, they only need to restart Windows to apply the update once Avast / AVG asks them to do so AcknowledgementsBahaa Naamneh, Crosspoint Labs |
CVE-2022-4294 | |
Severity/CVSSv3 |
Severity: High Score: 7.1 Vector: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H&version=3.1 |
References | https://nvd.nist.gov/vuln/detail/CVE-2022-4294 |
Impact | Privilege Escalation |
Description | Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. The issue was fixed with Avast and AVG Antivirus version 22.10, Norton Antivirus ERASER Engine 119.1.5.1 and Avira Security version 1.1.78 |
Additional Recommendations, if any: | We encourage customers to ensure their security software are always updated to the latest version available. |
NLOKSA1509 | Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption |
Advisory Status | CLOSED |
Summary | From October 6, 2022 to October 8, 2022, Avast Antivirus windows (Script Shield component versions 18.0.1473.0 and older) caused a crash of the Mozilla Firefox browser due to heap corruption occurring when the Avast DLL library was loaded. Avast and Mozilla have since been working together to mitigate the issue. Avast issued an update to its software on October 8, 2022, to version 18.0.1478. No user action is required as users received this update automatically. |
Affected Products | Script Shield component versions 18.0.1473.0 and older |
Issues | Mitigation Avast issued an update to its Script Shield software on October 8, 2022, to version 18.0.1478. No user action is required as users received this update automatically. AcknowledgementsMozilla |
CVE-2022-4291 | |
Severity/CVSSv3 |
Severity: High Score: 7.7 Vector: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L/RL:O/RC:R |
References | https://crash-stats.mozilla.org/report/index/926cf73c-7bdd-4774-a094-1e9f60221008https://nvd.nist.gov/vuln/detail/CVE-2022-4291 |
Impact | Heap Corruption |
Description | The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component. |
Additional Recommendations, if any: | We encourage customers to ensure their security software – as well as their tech devices – are always updated to the latest version available. |
NLOKSA1508 | Avast and AVG Antivirus for Windows vulnerable to Privilege Escalation |
Advisory Status | CLOSED |
Summary | Avast has released an update to address an issue that was discovered in the malware removal functionality of Avast and AVG Antivirus. |
Affected Products | Avast Antivirus - up to version 22.9, starting with version 20.5AVG Antivirus - up to version 22.9, starting with version 20.5 |
Issues | Mitigation Upgrade Avast and AVG Antivirus for Windows to version 22.10 released on 20 October 2022. By default, users of the affected versions should receive the update automatically, they only need to restart Windows to apply the update once Avast / AVG asks them to do so. AcknowledgementsOr Yair / https://www.safebreach.com https://www.linkedin.com/in/or-yairhttps://twitter.com/oryair1999 |
CVE-2022-4173 | |
Severity/CVSSv3 |
Severity: High Score: 7.3 Vector: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
References | https://nvd.nist.gov/vuln/detail/CVE-2022-4173 |
Impact | Privilege Escalation |
Description | A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. |
Additional Recommendations, if any: | We encourage customers to ensure their security software are always updated to the latest version available. |
NLOKSA1507 | Software Updater of Avira Security for Windows vulnerable to Privilege Escalation |
Advisory Status | CLOSED |
Summary | NortonLifeLock has released an update to address an issue that was discovered in the software updater functionality of Avira Security. |
Affected Products | "Avira Security" – for Windows; up to version 1.1.71.30554 |
Issues | Mitigation Upgrade Avira Security for Windows to version 1.1.72.30556. This version was released on 15. August 2022 to all customers. All users received the update automatically and do not need to take any action. AcknowledgementsFilip Dragovic |
CVE-2022-3368 | |
Severity/CVSSv3 |
High Score: 7.3 Vector: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
References | Filip Dragovic |
Impact | Privilege Escalation |
Description | A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556. |
Additional Recommendations, if any: | We encourage customers to ensure their security software – as well as their tech devices – are always updated to the latest version available. |
NLOKSA1506 | Avira Password Manager-Browser Extensions vulnerable to Sensitive Data Leakage via Phishing |
Advisory Status | CLOSED |
Summary | NortonLifeLock has released an update to address an issue that was discovered in Avira Password Manager Browser Extension |
Affected Products | Only the following software is affected:
|
Issues | Mitigation Upgrade extensions to following versions:
Users who have not disabled auto-updates receive the updated versions automatically and do not need to take any action AcknowledgementsStiftung Warentest |
CVE-2022-28795 | |
Severity/CVSSv3 |
Critical Score: 9.6 Vector: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
References | https://nvd.nist.gov/vuln/detail/CVE-2022-28795 |
Impact | Sensitive Data Leakage |
Description | A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari. |
Additional Recommendations, if any: | We encourage customers to ensure their security software - as well as their tech devices - are always updated to the latest version available. In addition, we encourage users to use two-factor (2FA) authentication as an additional layer of security. |
Advisory Status |
|
Summary | --> |
Affected Products | |
Issues |
Mitigation Acknowledgements References Additional DataLegacy ID: {{ item.LEGACY_ID }} Owner: {{ item.OWNERNAME }} Created: {{ item.CREATEDATE }} Modified: {{ item.DATEMODIFIED }} Classification: {{ item.Classification }} |