Vulnerabilities > CVE-2021-45339 - Incorrect Authorization vulnerability in Avast Antivirus

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

avast

CWE-863

NVD

Published: 2021-12-27

Updated: 2022-07-12

Summary

Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense.

Vulnerable Configurations

Part	Description	Count
Application	Avast Avast Antivirus 8.0.1489 Avast Antivirus 8.0.1497 Avast Antivirus 8.0.1500 Avast Antivirus 8.0.1501 Avast Antivirus 8.0.1504 Avast Antivirus 8.0.1506 Avast Antivirus 12.1.2272 Avast Antivirus 12.2.2276 Avast Antivirus 12.3.2279 Avast Antivirus 17.1.2286 Avast Antivirus 17.2.2288 Avast Antivirus 17.3.2290 Avast Antivirus 17.3.2291 Avast Antivirus 17.4.2294 Avast Antivirus 17.5.2302 Avast Antivirus 17.6.2310 Avast Antivirus 17.7.2314 Avast Antivirus 17.8.2318 Avast Antivirus 17.9.2322 Avast Antivirus 18.1.2326 Avast Antivirus 18.2.2328 Avast Antivirus 18.3.2333 Avast Antivirus 18.4.2338 Avast Antivirus 18.5.2342 Avast Antivirus 18.6.2349 Avast Antivirus 18.7.2354 Avast Antivirus 18.8.2356 Avast Antivirus 19.1 Avast Antivirus 19.3.2369 Avast Antivirus 19.4 Avast Antivirus 19.4.2374 Avast Antivirus 19.5.2378 Avast Antivirus 19.6.2383 Avast Antivirus 19.7 Avast Antivirus 19.7.2388 Avast Antivirus 19.8 Avast Antivirus 19.8.2393 Avast Antivirus 20.0 Avast Antivirus 20.1.5069.562	41

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References