Lucene search

[email protected]NVD:CVE-2019-11230

HistoryJul 18, 2019 - 5:15 p.m.

CVE-2019-11230

2019-07-1817:15:11

CWE-59

[email protected]

web.nvd.nist.gov

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

12.8%

JSON

In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart.

Affected configurations

Nvd

Node

avastantivirusRange<19.4

VendorProductVersionCPE
avastantivirus*cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avast	antivirus	*	cpe:2.3:a:avast:antivirus::::::::

References

www.mcerlane.co.uk/CVE-2019-11230/

www.securityfocus.com/bid/109344

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

12.8%

JSON

Related for NVD:CVE-2019-11230

openvas1 prion1 cvelist1 cve1