Vulnerability Description
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avast | Antivirus | < 20.4 |
References
- https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1ExploitThird Party Advisory
- https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1ExploitThird Party Advisory
- https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1ExploitThird Party Advisory
- https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitVendor Advisory
- https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1ExploitThird Party Advisory
- https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1ExploitThird Party Advisory
- https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1ExploitThird Party Advisory
- https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitVendor Advisory
FAQ
What is CVE-2021-45338?
CVE-2021-45338 is a vulnerability with a CVSS score of 7.8 (HIGH). Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus s...
How severe is CVE-2021-45338?
CVE-2021-45338 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-45338?
Check the references section above for vendor advisories and patch information. Affected products include: Avast Antivirus.