Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection.
References
Link | Resource |
---|---|
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 | Exploit Third Party Advisory |
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 | Vendor Advisory |
Configurations
History
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
07 Jan 2022, 17:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:* | |
CWE | CWE-269 | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 8.8 |
References | (MISC) https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 - Exploit, Third Party Advisory | |
References | (MISC) https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 - Vendor Advisory |
27 Dec 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-27 14:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-45337
Mitre link : CVE-2021-45337
CVE.ORG link : CVE-2021-45337
JSON object : View
Products Affected
avast
- antivirus
CWE