CVE-2022-3368

HIGH

Avira Security <1.1.72.30556 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-3368. PoCs published by Wh04m1001, byt3n33dl3.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2022-3368, leveraging oplock manipulation and symbolic link abuse to achieve local privilege escalation (LPE) on Windows systems. The code demonstrates the creation of junctions, file handle manipulation, and DLL hijacking to trigger arbitrary code execution in a privileged context.

Description

A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.

Exploits (2)

nomisec WORKING POC 29 stars

by Wh04m1001 · poc

https://github.com/Wh04m1001/CVE-2022-3368

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2022-3368, leveraging oplock manipulation and symbolic link abuse to achieve local privilege escalation (LPE) on Windows systems. The code demonstrates the creation of junctions, file handle manipulation, and DLL hijacking to trigger arbitrary code execution in a privileged context.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Microsoft Windows (specific versions affected by CVE-2022-3368)

Auth required

Prerequisites: Local access to the target system · Ability to create symbolic links and junctions · Presence of vulnerable Windows version

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 7 stars

by byt3n33dl3 · poc

https://github.com/byt3n33dl3/CrackAVFee

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2022-3368, leveraging oplock manipulation and symbolic link abuse to achieve local privilege escalation (LPE) on Windows systems. The exploit involves creating junctions, manipulating file handles, and triggering DLL loading to escalate privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Windows Update Agent (WUA) on Windows systems

No auth needed

Prerequisites: Local access to the target system · Ability to create symbolic links and junctions · Presence of vulnerable Windows Update Agent

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://support.norton.com/sp/static/external/tools/security-advisories.html

Scores

CVSS v3 7.3

EPSS 0.0082

EPSS Percentile 52.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-276

Status published

Products (1)

avira/avira_security < 1.1.71.30554

Published Oct 17, 2022

Tracked Since Feb 18, 2026