CVE-2021-45335
HIGHAvast Antivirus < 20.4 - Incorrect Default Permissions in Sandbox Component
Title source: llmDescription
Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0
Exploit, Third Party Advisory x_refsource_misc
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5
Scores
CVSS v3
8.8
EPSS
0.0038
EPSS Percentile
29.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (1)
avast/antivirus
< 20.4
Published
Dec 27, 2021
Tracked Since
Feb 18, 2026