#VU102525 Link following in Avira Prime and Avira System Speedup - CVE-2024-9523

Cybersecurity Help s.r.o.

Published: 2025-01-10

Vulnerability identifier: #VU102525

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-9523

CWE-ID: CWE-59

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Avira Prime
Client/Desktop applications / Antivirus software/Personal firewalls
Avira System Speedup
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Avira Operations GmbH & Co. KG

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to insecure link following within the System Speedup Service. A local user can delete a file and gain elevated privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Avira Prime: All versions

Avira System Speedup: before 6.27

External links
https://www.zerodayinitiative.com/advisories/ZDI-25-023/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Avira Prime