Lucene search

MitreCVE-2021-45336

HistoryDec 27, 2021 - 2:15 p.m.

CVE-2021-45336

2021-12-2714:15:07

mitre

web.nvd.nist.gov

cve-2021-45336

avast antivirus

privilege escalation

sandbox

vulnerability

local exploit

system ipc

security

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.

Affected configurations

Nvd

Node

avastantivirusRange<20.4

VendorProductVersionCPE
avastantivirus*cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avast	antivirus	*	cpe:2.3:a:avast:antivirus::::::::

References

github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5

www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

Related for CVE-2021-45336