CVE-2021-45335

8.8 HIGH

📋 TL;DR

This vulnerability in Avast Antivirus allows local users to manipulate the sandbox component's permissions to control scan outcomes, potentially evading malware detection or deleting arbitrary system files. It affects Avast Antivirus versions prior to 20.4. The risk is primarily to systems with local user access running vulnerable Avast versions.

💻 Affected Systems

Products:
  • Avast Antivirus
Versions: prior to 20.4
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local user access to the system. The sandbox component is part of Avast's security architecture.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with local access could delete critical system files, causing system instability or complete compromise, or disable malware detection, allowing malicious activity to go undetected.

🟠 Likely Case

Local privilege escalation allowing manipulation of antivirus scans to hide malicious files or to delete user or system files.

🟢 If Mitigated

With the 20.4 update applied and local access properly controlled, the vulnerability is eliminated and no impact occurs.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local system access, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Local users on affected systems can exploit this to gain elevated privileges and manipulate antivirus functionality.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but is relatively straightforward once access is obtained. Public disclosure includes technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Avast Antivirus 20.4 and later

Vendor Advisory: https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0

Restart Required: Yes

Instructions:

1. Open Avast Antivirus.
2. Go to Settings > Update.
3. Click 'Update' to check for updates.
4. Install any available updates.
5. Restart the computer if prompted.

🔧 Temporary Workarounds

Restrict local user access (windows)

Limit local user accounts to trusted users only and apply the principle of least privilege.

Temporarily disable sandbox (windows, not recommended)

Disable Avast's sandbox feature as a temporary mitigation; note that this reduces the protection Avast provides.

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to affected systems
  • Monitor for suspicious file deletion or antivirus manipulation activities

🔍 How to Verify

Check if Vulnerable:

Check the Avast version: open Avast > Menu > About Avast. If the version is below 20.4, the system is vulnerable.

Check Version:

wmic product where "name like 'Avast%'" get version

Verify Fix Applied:

After updating, confirm that About Avast shows version 20.4 or higher, and test that sandbox permissions are properly restricted.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in Windows Event Logs
  • Avast scan manipulation or failure logs
  • Permission modification attempts on Avast directories

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

((EventID=4663 OR EventID=4656) AND ObjectName LIKE '%Avast%' AND AccessMask=0x100) OR (ProcessName='avastui.exe' AND CommandLine LIKE '%sandbox%')
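The detection logic above, re-expressed as an added Python example (not part of this advisory) with explicit operator precedence and run over constructed sample events; the access-mask test uses the standard Windows DELETE and WRITE_DAC bits, which correspond to the file-deletion and permission-change indicators listed above.

```python
# Added example (not from the advisory): the SIEM query rewritten in Python
# with explicit precedence and run over constructed Windows Security events.
# Field names follow the page's query; the sample events are constructed.
DELETE = 0x10000     # standard Windows access right: delete the object
WRITE_DAC = 0x40000  # standard Windows access right: change the object's DACL
ACCESS_OF_INTEREST = DELETE | WRITE_DAC
OBJECT_ACCESS_EVENTS = {4656, 4663}  # handle requested / object accessed


def is_suspicious(event: dict) -> bool:
    """True if the event matches either branch of the detection logic:
    (a) delete or permission-change access to an Avast path, or
    (b) the Avast UI process launched with 'sandbox' on its command line."""
    mask = event.get("AccessMask") or 0
    if isinstance(mask, str):          # event logs usually carry the mask as hex text
        mask = int(mask, 16)
    object_name = (event.get("ObjectName") or "").lower()
    avast_object_access = (
        event.get("EventID") in OBJECT_ACCESS_EVENTS
        and "avast" in object_name
        and bool(mask & ACCESS_OF_INTEREST)
    )
    process = (event.get("ProcessName") or "").lower()
    cmdline = (event.get("CommandLine") or "").lower()
    avast_sandbox_launch = process.endswith("avastui.exe") and "sandbox" in cmdline
    return avast_object_access or avast_sandbox_launch


def flag_events(events):
    # Return the subset of events that match, preserving order.
    return [e for e in events if is_suspicious(e)]


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4663, "ObjectName": r"C:\Program Files\Avast Software\Avast\sandbox.dll",
     "AccessMask": "0x10000", "ProcessName": r"C:\Users\bob\tool.exe"},
    {"EventID": 4656, "ObjectName": r"C:\ProgramData\AVAST Software\Avast\log",
     "AccessMask": "0x40000", "ProcessName": r"C:\Users\bob\tool.exe"},
    {"EventID": 4663, "ObjectName": r"C:\Program Files\Avast Software\Avast\AvastUI.exe",
     "AccessMask": "0x80", "ProcessName": r"C:\Windows\explorer.exe"},   # read attributes only
    {"EventID": 4688, "ProcessName": r"C:\Program Files\Avast Software\Avast\AvastUI.exe",
     "CommandLine": "AvastUI.exe /sandbox"},
    {"EventID": 4663, "ObjectName": r"C:\Users\bob\notes.txt",
     "AccessMask": "0x10000", "ProcessName": r"C:\Windows\explorer.exe"},  # not an Avast path
]

if __name__ == "__main__":
    for e in flag_events(SAMPLE_EVENTS):
        print(e["EventID"], e.get("ObjectName") or e.get("CommandLine"))
```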

🔗 References