Main Vulnerability Database Vulnerabilities #VU64551

#VU64551 Permissions, Privileges, and Access Controls in Adaware Protect - CVE-2022-31464

Published: June 21, 2022

Vulnerability identifier: #VU64551

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-31464

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Adaware Protect

Software vendor:
Adaware

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure permissions configuration. A local user can change the service binary path and gain elevated privileges on the system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://r0h1rr1m.medium.com/adaware-protect-local-privilege-escalation-through-insecure-service-permissions-44d0eeb6c933
https://www.adaware.com/