CVE-2021-45335

moderate-risk
Published 2021-12-27

Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.

Do I need to act?

-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Avast

References (4)

Exploit https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3...
Vendor Advisory https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antit...
Exploit https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3...
Vendor Advisory https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antit...
33
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal