CVE-2022-3368: Software Updater of Avira Security for Windows vulnerable to Privilege Escalation

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-3368

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Software Updater of Avira Security for Windows vulnerable to Privilege Escalation

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Avira Security 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Avira Security是德国Avira公司的一个软件套件。包括防病毒保护、防勒索软件保护等。 Avira Security for Windows 1.1.72.30556之前版本存在安全漏洞，该漏洞源于软件更新程序功能允许对文件系统具有写入权限的攻击者在某些情况下提升权限。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Nortonlifelock	"Avira Security" – for Windows	all ~ 1.1.71.30554	-

II. Public POCs for CVE-2022-3368

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/Wh04m1001/CVE-2022-3368	POC Details
2	it's a CVE-2022-3368 ( patched ), but feel free to use it for check any outdated software or reseach	https://github.com/pxcs/CrackAVFee	POC Details
3	it's a CVE-2022-3368 ( patched ), but feel free to use it for check any outdated software or reseach	https://github.com/byt3n33dl3/CrackAVFee	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-3368

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same vendor: Nortonlifelock

V. Comments for CVE-2022-3368

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-3368

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-3368

III. Intelligence Information for CVE-2022-3368

IV. Related Vulnerabilities

V. Comments for CVE-2022-3368

Leave a comment