CVE-2022-3368

HIGH

Avira Security <1.1.72.30556 - Privilege Escalation

Title source: llm

Description

A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.

Exploits (2)

nomisec WORKING POC 29 stars

by Wh04m1001 · poc

https://github.com/Wh04m1001/CVE-2022-3368

View Code ZIP pw:eip

nomisec WORKING POC 7 stars

by byt3n33dl3 · poc

https://github.com/byt3n33dl3/CrackAVFee

View Code ZIP pw:eip

References (1)

Core 1

Core References

Vendor Advisory

https://support.norton.com/sp/static/external/tools/security-advisories.html

Scores

CVSS v3 7.3

EPSS 0.0310

EPSS Percentile 86.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-276

Status published

Products (1)

avira/avira_security < 1.1.71.30554

Published Oct 17, 2022

Tracked Since Feb 18, 2026