OpenCVE

Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Avg	Internet Security

Configuration 1 [-]

cpe:2.3:a:avg:internet_security:*:*:*:*:*:windows:*:*

No data.

References

Link	Providers
https://www.cirosec.de/sa/sa-2023-008

History

Wed, 02 Oct 2024 17:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:avg:internet_security::::::windows::*

Thu, 12 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Avg Avg internet Security
CPEs		cpe:2.3:a:avg:internet_security::::::::
Vendors & Products		Avg Avg internet Security
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 12 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
Description		Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
Title		Local privilege escalation vulnerability in AVG Internet Security
Weaknesses		CWE-427 CWE-732 CWE-749
References		https://www.cirosec.de/sa/sa-2023-008
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: cirosec

Published: 2024-09-12T14:18:32.152Z

Updated: 2024-09-12T15:12:46.476Z

Reserved: 2024-07-04T11:20:14.543Z

Link: CVE-2024-6510

Vulnrichment

Updated: 2024-09-12T15:12:41.773Z

NVD

Status : Analyzed

Published: 2024-09-12T15:18:26.347

Modified: 2024-10-02T17:17:46.450

Link: CVE-2024-6510

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6510", "assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674", "state": "PUBLISHED", "assignerShortName": "cirosec", "dateReserved": "2024-07-04T11:20:14.543Z", "datePublished": "2024-09-12T14:18:32.152Z", "dateUpdated": "2024-09-12T15:12:46.476Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Internet Security", "vendor": "AVG", "versions": [{"lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "unaffected", "version": "24.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kolja Grassmann <kolja.grassmann@cirosec.de>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking. <br><div><div><div>\n\n</div>\n\n</div>\n\n</div>"}], "value": "Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-749", "description": "CWE-749 Exposed Dangerous Method or Function", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674", "shortName": "cirosec", "dateUpdated": "2024-09-12T14:18:32.152Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.cirosec.de/sa/sa-2023-008"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update \nAVG Internet Security to 24.1"}], "value": "Update \nAVG Internet Security to 24.1"}], "source": {"advisory": "SA-2023-008", "discovery": "USER"}, "title": "Local privilege escalation vulnerability in AVG Internet Security", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "avg", "product": "internet_security", "cpes": ["cpe:2.3:a:avg:internet_security:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "24.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T15:10:17.552802Z", "id": "CVE-2024-6510", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T15:12:46.476Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6510", "assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674", "state": "PUBLISHED", "assignerShortName": "cirosec", "dateReserved": "2024-07-04T11:20:14.543Z", "datePublished": "2024-09-12T14:18:32.152Z", "dateUpdated": "2024-09-12T15:12:46.476Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Internet Security", "vendor": "AVG", "versions": [{"lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "unaffected", "version": "24.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kolja Grassmann <kolja.grassmann@cirosec.de>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking. <br><div><div><div>\n\n</div>\n\n</div>\n\n</div>"}], "value": "Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-749", "description": "CWE-749 Exposed Dangerous Method or Function", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674", "shortName": "cirosec", "dateUpdated": "2024-09-12T14:18:32.152Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.cirosec.de/sa/sa-2023-008"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update \nAVG Internet Security to 24.1"}], "value": "Update \nAVG Internet Security to 24.1"}], "source": {"advisory": "SA-2023-008", "discovery": "USER"}, "title": "Local privilege escalation vulnerability in AVG Internet Security", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6510", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-12T15:10:17.552802Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:avg:internet_security:*:*:*:*:*:*:*:*"], "vendor": "avg", "product": "internet_security", "versions": [{"status": "affected", "version": "0", "lessThan": "24.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T15:12:41.773Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avg:internet_security:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CC4689F8-6777-46DE-8C27-4C2AA3E4F4E6", "versionEndExcluding": "24.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking."}, {"lang": "es", "value": "La escalada de privilegios locales en AVG Internet Security v24 en Windows permite que un usuario local sin privilegios escale permisos al SYSTEM a trav\u00e9s de secuestro de COM."}], "id": "CVE-2024-6510", "lastModified": "2024-10-02T17:17:46.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "a341c0d1-ebf7-493f-a84e-38cf86618674", "type": "Secondary"}]}, "published": "2024-09-12T15:18:26.347", "references": [{"source": "a341c0d1-ebf7-493f-a84e-38cf86618674", "tags": ["Third Party Advisory"], "url": "https://www.cirosec.de/sa/sa-2023-008"}], "sourceIdentifier": "a341c0d1-ebf7-493f-a84e-38cf86618674", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}, {"lang": "en", "value": "CWE-732"}, {"lang": "en", "value": "CWE-749"}], "source": "a341c0d1-ebf7-493f-a84e-38cf86618674", "type": "Secondary"}]}