SB20240819162 - Multiple vulnerabilities in Avast Cleanup Premium

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20240819162

SB20240819162 - Multiple vulnerabilities in Avast Cleanup Premium

Published: August 19, 2024

Security Bulletin ID SB20240819162
Severity
Low
Patch available
NO
Number of vulnerabilities 3
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Link following (CVE-ID: CVE-2024-7229)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a link following issue within the Avast Cleanup Service. A local user can create a symbolic link, abuse the service to delete a file and gain elevated privileges on the system.


2) Link following (CVE-ID: CVE-2024-7230)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a link following issue within the Avast Cleanup Service. A local user can create a symbolic link, abuse the service to delete a file and gain elevated privileges on the system.


3) Link following (CVE-ID: CVE-2024-7231)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a link following issue within the Avast Cleanup Service. A local user can create a symbolic link, abuse the service to delete a file and gain elevated privileges on the system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References