Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-45338

Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.

Published

2021-12-27T14:15:08.170

Last Modified

2024-11-21T06:32:06.587

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	avast	antivirus	< 20.4	Yes

References

https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.1 Exploit, Third Party Advisory ([email protected])
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.2 Exploit, Third Party Advisory ([email protected])
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.3 Exploit, Third Party Advisory ([email protected])
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 Vendor Advisory ([email protected])
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.1 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.2 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.3 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)