CVE-2021-27241

CVSS 6.1 MEDIUMEPSS 0.3%CWE-59

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

29 Mar 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082.

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Affected products

Avast · Premium Security

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.zerodayinitiative.com/advisories/ZDI-21-208/