Lucene search

[email protected]NVD:CVE-2022-37771

HistorySep 06, 2022 - 7:15 p.m.

CVE-2022-37771

2022-09-0619:15:08

CWE-732

[email protected]

web.nvd.nist.gov

iobit malware fighter

windows

tamper protection

bypass

privilege escalation

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.8%

JSON

IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable.

Affected configurations

Nvd

Node

iobitmalware_fighterMatch9.2

AND

microsoftwindowsMatch-

VendorProductVersionCPE
iobitmalware_fighter9.2cpe:2.3:a:iobit:malware_fighter:9.2:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iobit	malware_fighter	9.2	cpe:2.3:a:iobit:malware_fighter:9.2:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

mrvar0x.com/2022/08/02/multiple-endpoints-security-tampering-exploit/

packetstormsecurity.com/files/167913/IObit-Malware-Fighter-9.2-Tampering-Privilege-Escalation.html

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.8%

JSON

Related for NVD:CVE-2022-37771

prion1 cve1 cvelist1