CVE-2024-13944

Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate (Also affects Avast CleanUp and AVG TuneUp)

CVSS 7.8 HIGHEPSS 0.1%CWE-367 CWE-59

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.8EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

09 mai 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Avast · CleanUp AVG · TuneUp Norton · Norton Utilities Ultimate

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.gendigital.com/us/en/contact-us/security-advisories/