CVE-2018-12572

Exploit

EPSS 0.03%
Published 21.03.2019 16:00:14
Last modified 21.11.2024 03:45:27
Source cve@mitre.org
Teams watchlist Login
Open Login

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Avast ≫ Free Antivirus Version < 19.1.2360

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.064

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

http://packetstormsecurity.com/files/151590/Avast-Anti-Virus-Local-Credential-Disclosure.html

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-12572

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-12572

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-12572

EUVD