CVE-2024-13961

HIGH

Avast Cleanup Premium <24.2.16593.17810 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 19.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-367 CWE-59
Status published
Products (2)
Avast/CleanUp Premium 24.2.16593.17810
Avast/CleanUp Premium 24.3.17165.19178
Published May 09, 2025
Tracked Since Feb 18, 2026