CVE-2024-7231

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Dec 9, 2024
CWE ID 59

Summary

CVE-2024-7231 is a newly discovered local privilege escalation vulnerability affecting Avast Cleanup Premium. An attacker who has already gained the ability to execute low-privileged code on a target system can exploit this flaw. The vulnerability is linked to the Avast Cleanup Service, which can be manipulated through the creation of a symbolic link. By deleting a specific file using this technique, an attacker can escalate privileges and ultimately execute arbitrary code with SYSTEM-level access. This vulnerability, previously identified as ZDI-CAN-22894, poses a serious risk to affected installations.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Avast Cleanup Premium

Affected Vendors

  • Avast