Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-45335

Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.

Published

2021-12-27T14:15:07.580

Last Modified

2024-11-21T06:32:06.200

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	avast	antivirus	< 20.4	Yes

References

https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 Exploit, Third Party Advisory ([email protected])
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 Vendor Advisory ([email protected])
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)