CVE-2022-4294 - OpenCVE

Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avast	Antivirus
Avg	Antivirus
Avira	Avira Security
Microsoft	Windows
Norton	Power Eraser

Configuration 1 [-]

OR	cpe:2.3:a:avira:avira_security::::::windows::*
	cpe:2.3:a:norton:power_eraser::::::windows::*

Configuration 2 [-]

AND

OR	cpe:2.3:a:avast:antivirus::::::::
	cpe:2.3:a:avg:antivirus::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.norton.com/sp/static/external/tools/security-advisories.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: NLOK

Published: 2023-01-10T09:14:47.102Z

Updated: 2024-08-03T01:34:50.109Z

Reserved: 2022-12-05T17:46:00.115Z

Link: CVE-2022-4294

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-10T10:15:12.933

Modified: 2023-11-07T03:57:26.887

Link: CVE-2022-4294

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4294", "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "state": "PUBLISHED", "assignerShortName": "NLOK", "dateReserved": "2022-12-05T17:46:00.115Z", "datePublished": "2023-01-10T09:14:47.102Z", "dateUpdated": "2024-08-03T01:34:50.109Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Norton Antivirus Windows Eraser Engine", "vendor": "NortonLifelock (GenDigital)", "versions": [{"status": "affected", "version": "prior to 119.1.5.1"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Avira Security ", "vendor": "NortonLifelock (GenDigital)", "versions": [{"status": "affected", "version": "prior to 1.1.78"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Avast Antivirus", "vendor": "NortonLifelock (GenDigital)", "versions": [{"status": "affected", "version": "Prior to 22.10"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "AVG Antivirus", "vendor": "NortonLifelock (GenDigital)", "versions": [{"status": "affected", "version": "Prior to 22.10"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.</span><br>"}], "value": "Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "shortName": "NLOK", "dateUpdated": "2023-01-10T09:22:11.371Z"}, "references": [{"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Norton, Avira, Avast and AVG Antivirus for Windows Privilege Escalation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:34:50.109Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avira:avira_security:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AE949420-907D-4EBC-945B-A3EBEEC08532", "versionEndExcluding": "1.1.78", "vulnerable": true}, {"criteria": "cpe:2.3:a:norton:power_eraser:*:*:*:*:*:windows:*:*", "matchCriteriaId": "7703323C-C9D2-4338-864A-1AA2F99821FA", "versionEndExcluding": "119.1.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:*", "matchCriteriaId": "22365077-58F2-4607-8EB8-79CDDF74348D", "versionEndExcluding": "22.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:avg:antivirus:*:*:*:*:*:*:*:*", "matchCriteriaId": "AADAEC20-387E-4CF4-B0A5-DE5C9092C37A", "versionEndExcluding": "22.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.\n"}], "id": "CVE-2022-4294", "lastModified": "2023-11-07T03:57:26.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "security@nortonlifelock.com", "type": "Secondary"}]}, "published": "2023-01-10T10:15:12.933", "references": [{"source": "security@nortonlifelock.com", "tags": ["Vendor Advisory"], "url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"}], "sourceIdentifier": "security@nortonlifelock.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@nortonlifelock.com", "type": "Secondary"}]}