CVE-2022-3368

🗓️ 17 Oct 2022 20:52:01Reported by NLOKType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 72 Views🌐 WEB

A vulnerability in Avira Security for Windows allowed privilege escalation

Reporter	Title	Published	Views	Family All 11
GithubExploit	Exploit for Incorrect Default Permissions in Avira Avira_Security	18 Oct 202209:16	–	githubexploit
BDU FSTEC	The vulnerability of Avira Security’s update function allows attackers to enhance their privileges.	21 Oct 202200:00	–	bdu_fstec
Circl	CVE-2022-3368	18 Oct 202200:13	–	circl
CNNVD	Avira Security 安全漏洞	17 Oct 202200:00	–	cnnvd
Cvelist	CVE-2022-3368 Software Updater of Avira Security for Windows vulnerable to Privilege Escalation	17 Oct 202220:52	–	cvelist
EUVD	EUVD-2022-42748	3 Oct 202520:07	–	euvd
NVD	CVE-2022-3368	17 Oct 202221:15	–	nvd
OSV	CVE-2022-3368	17 Oct 202221:15	–	osv
Prion	Design/Logic Flaw	17 Oct 202221:15	–	prion
Positive Technologies	PT-2022-5144 · Avira · Avira Security	17 Oct 202200:00	–	ptsecurity

NVD

Node

avira avira_securityRange≤1.1.71.30554windows

[
  {
    "vendor": "Nortonlifelock",
    "product": "\"Avira Security\" – for Windows",
    "versions": [
      {
        "version": "all",
        "status": "affected",
        "lessThan": "1.1.71.30554",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Windows"
    ]
  }
]

Source	Link
support	www.support.norton.com/sp/static/external/tools/security-advisories.html

Parameter	Position	Path	Description	CWE
Temp	path	c:\\ProgramData\\Avira\\Security\\Temp	Arbitrary file move vulnerability in Avira Software Updater using temporary directory and junctions to escalate privileges	CWE-276
subdirectories	path	c:\\ProgramData\\Avira\\Security\\Temp	Arbitrary file move vulnerability in Avira Software Updater using temporary directory and junctions to escalate privileges	CWE-276
junction	path	c:\\ProgramData\\Avira\\Security\\Temp	Arbitrary file move vulnerability in Avira Software Updater using temporary directory and junctions to escalate privileges	CWE-276

17 Jun 2026 04:59Current

8High risk

Vulners AI Score8

CVSS 3.17.3 - 8.8

EPSS0.00823

SSVC

CWE-276