CVE-2016-4025
MEDIUMAvast - Auth Bypass
Title source: llmDescription
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
19.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Classification
CWE
CWE-254
Status
published
Affected Products (43)
avast/business_security
avast/business_security
avast/business_security
avast/business_security
avast/business_security
avast/business_security
avast/free_antivirus
avast/free_antivirus
avast/free_antivirus
avast/free_antivirus
avast/free_antivirus
avast/free_antivirus
avast/internet_security
avast/internet_security
avast/internet_security
... and 28 more
Timeline
Published
Nov 03, 2016
Tracked Since
Feb 18, 2026