CVE-2021-45335

Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:*

History

07 Jan 2022, 17:29

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 7.2
v3 : 8.8
CPE cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:*
CWE CWE-276
References (MISC) https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 - (MISC) https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 - Exploit, Third Party Advisory
References (MISC) https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 - (MISC) https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 - Vendor Advisory

27 Dec 2021, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-27 14:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-45335

Mitre link : CVE-2021-45335

CVE.ORG link : CVE-2021-45335


JSON object : View

Products Affected

avast

  • antivirus
CWE
CWE-276

Incorrect Default Permissions