What is the severity of CVE-2024-5102?

CVE-2024-5102 is considered a high severity vulnerability due to its potential for privilege escalation.

How do I fix CVE-2024-5102?

To fix CVE-2024-5102, update Avast Antivirus to version 24.2 or later.

What is the impact of CVE-2024-5102?

The impact of CVE-2024-5102 includes the ability for a user to delete arbitrary files or run processes with NT AUTHORITY\SYSTEM privileges.

Which versions of Avast Antivirus are affected by CVE-2024-5102?

CVE-2024-5102 affects versions of Avast Antivirus prior to 24.2.

Where can I find more information about CVE-2024-5102?

More information about CVE-2024-5102 can typically be found in the security advisories released by Avast.

Vulnerability/
CVE-2024-5102

high

7.3

CWE

1284 59

EPSS

0.043%

10/6/2024

21/11/2024

CVE-2024-5102: Elevation of Privelage via symlinked file in Avast Antivirus

First published: Mon Jun 10 2024(Updated: )

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2.

Credit: security@nortonlifelock.com

Affected Software	Affected Version	How to fix
All of
Avast Antivirus	<24.2
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

https://support.norton.com/sp/static/external/tools/security-advisories.html

Frequently Asked Questions

What is the severity of CVE-2024-5102?
CVE-2024-5102 is considered a high severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2024-5102?
To fix CVE-2024-5102, update Avast Antivirus to version 24.2 or later.
What is the impact of CVE-2024-5102?
The impact of CVE-2024-5102 includes the ability for a user to delete arbitrary files or run processes with NT AUTHORITY\SYSTEM privileges.
Which versions of Avast Antivirus are affected by CVE-2024-5102?
CVE-2024-5102 affects versions of Avast Antivirus prior to 24.2.
Where can I find more information about CVE-2024-5102?
More information about CVE-2024-5102 can typically be found in the security advisories released by Avast.

agent/title
agent/references
agent/first-publish-date
agent/description
agent/type
agent/author
agent/event
agent/weakness
agent/softwarecombine
agent/severity
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/avast
canonical/avast antivirus
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.