Privilege escalation in Comodo Antivirus



Published: 2022-06-22
Risk Low
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2022-34008
CWE-ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Comodo Antivirus
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor Comodo Group

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU64587

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-34008

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a quarantine flaw. A local user can send a specially crafted request using an NTFS directory junction and restore a malicious DLL from quarantine into the System32 folder.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Comodo Antivirus: 12.2.2.8012

External links

http://antivirus.comodo.com/
http://r0h1rr1m.medium.com/comodo-antivirus-local-privilege-escalation-through-insecure-file-move-476a4601d9b8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###