CVE-2019-18894

In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox.

CVSS v3 7.8 HIGH
CVSS v2.0 9.3 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:avast:premium_security:19.8.2393:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-01-13 17:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-18894

Mitre link : CVE-2019-18894

CVE.ORG link : CVE-2019-18894

JSON object : View

Products Affected

avast

premium_security

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2019-18894", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-01-13T17:15:11.633", "references": [{"url": "https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox."}, {"lang": "es", "value": "En Avast Premium Security versi\u00f3n 19.8.2393, los atacantes pueden enviar una petici\u00f3n especialmente dise\u00f1ada hacia el servidor web local ejecutado por Avast Antivirus en el puerto 27275 para admitir la funcionalidad Bank Mode. Un fallo en el procesamiento de un comando permite una ejecuci\u00f3n de comandos de Sistema Operativo arbitrarios con los privilegios del usuario actualmente conectado. Esto permite, por ejemplo, que los atacantes que comprometieron una extensi\u00f3n del navegador para escapar del sandbox del navegador."}], "lastModified": "2020-01-21T20:30:39.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avast:premium_security:19.8.2393:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AE6BD45-D8CE-48A0-8429-5275739D8D00"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}