{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3368", "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "assignerShortName": "NLOK", "datePublished": "2022-10-17T20:52:01.381845Z", "dateUpdated": "2024-09-17T04:03:45.212Z", "dateReserved": "2022-09-30T00:00:00"}, "containers": {"cna": {"title": "Software Updater of Avira Security for Windows vulnerable to Privilege Escalation", "datePublic": "2022-10-11T00:00:00", "providerMetadata": {"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "shortName": "NLOK", "dateUpdated": "2022-10-17T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556."}], "affected": [{"vendor": "Nortonlifelock", "product": "\"Avira Security\" \u2013 for Windows", "versions": [{"version": "all", "status": "affected", "lessThan": "1.1.71.30554", "versionType": "custom"}], "platforms": ["Windows"]}], "references": [{"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Privilege Escalation"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "NLOKSA1507", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:07:06.506Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avira:avira_security:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A9176EF-59A0-4484-B979-ACE5B1F944B1", "versionEndIncluding": "1.1.71.30554", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad Software Updater de Avira Security for Windows permit\u00eda a un atacante con acceso de escritura al sistema de archivos escalar sus privilegios en determinados escenarios. El problema ha sido corregido con Avira Security versi\u00f3n 1.1.72.30556"}], "id": "CVE-2022-3368", "lastModified": "2024-11-21T07:19:22.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "security@nortonlifelock.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-17T21:15:10.513", "references": [{"source": "security@nortonlifelock.com", "tags": ["Vendor Advisory"], "url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"}], "sourceIdentifier": "security@nortonlifelock.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}