8.8
CVE-2022-3368
- EPSS 3.1%
- Veröffentlicht 17.10.2022 21:15:10
- Zuletzt bearbeitet 10.05.2025 03:15:21
- Quelle security@nortonlifelock.com
- CVE-Watchlists
- Unerledigt
LoginSoftware Updater of Avira Security for Windows vulnerable to Privilege Escalation
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Avira ≫ Avira Security SwPlatformwindows Version <= 1.1.71.30554
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.1% | 0.869 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@nortonlifelock.com | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.