Vulnerabilities > CVE-2021-45339 - Incorrect Authorization vulnerability in Avast Antivirus

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

avast

CWE-863

NVD

Published: 2021-12-27

Updated: 2022-07-12

Summary

Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense.

Vulnerable Configurations

Part	Description	Count
Application	Avast Avast Antivirus 8.0.1489 Avast Antivirus 8.0.1497 Avast Antivirus 8.0.1500 Avast Antivirus 8.0.1501 Avast Antivirus 8.0.1504 Avast Antivirus 8.0.1506 Avast Antivirus 12.1.2272 Avast Antivirus 12.2.2276 Avast Antivirus 12.3.2279 Avast Antivirus 17.1.2286 Avast Antivirus 17.2.2288 Avast Antivirus 17.3.2290 Avast Antivirus 17.3.2291 Avast Antivirus 17.4.2294 Avast Antivirus 17.5.2302 Avast Antivirus 17.6.2310 Avast Antivirus 17.7.2314 Avast Antivirus 17.8.2318 Avast Antivirus 17.9.2322 Avast Antivirus 18.1.2326 Avast Antivirus 18.2.2328 Avast Antivirus 18.3.2333 Avast Antivirus 18.4.2338 Avast Antivirus 18.5.2342 Avast Antivirus 18.6.2349 Avast Antivirus 18.7.2354 Avast Antivirus 18.8.2356 Avast Antivirus 19.1 Avast Antivirus 19.3.2369 Avast Antivirus 19.4 Avast Antivirus 19.4.2374 Avast Antivirus 19.5.2378 Avast Antivirus 19.6.2383 Avast Antivirus 19.7.2388 Avast Antivirus 19.8 Avast Antivirus 19.8.2393 Avast Antivirus 20.0 Avast Antivirus 20.1.5069.562	40

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References