CVE-2024-13188

5.3 MEDIUM

📋 TL;DR

This vulnerability in MicroWorld eScan Antivirus 7.0.32 on Linux allows local attackers to exploit incorrect default permissions in the installation handler component. Attackers with local access can potentially escalate privileges or modify protected files. Only Linux systems running the affected antivirus version are impacted.

💻 Affected Systems

Products:
  • MicroWorld eScan Antivirus
Versions: 7.0.32
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Linux version, specifically the installation handler component in /opt/MicroWorld/var/

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise, antivirus bypass, or installation of persistence mechanisms

🟠 Likely Case

Unauthorized file modification in protected directories, potential antivirus evasion, or limited privilege escalation

🟢 If Mitigated

Minimal impact if proper access controls and least privilege principles are enforced on the system

🌐 Internet-Facing: LOW - Requires local access, not remotely exploitable
🏢 Internal Only: HIGH - Local attackers or compromised accounts can exploit this vulnerability

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available on GitHub; exploitation requires local access to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider alternative antivirus solutions or implement workarounds.

🔧 Temporary Workarounds

Correct directory permissions

linux

Manually set proper permissions on the vulnerable directory to prevent unauthorized access

sudo chmod 750 /opt/MicroWorld/var/
sudo chown root:root /opt/MicroWorld/var/

Remove unnecessary access

linux

Restrict access to the installation handler directory to only necessary users/groups

sudo chmod 700 /opt/MicroWorld/var/
sudo setfacl -m u:escanuser:rwx /opt/MicroWorld/var/

🧯 If You Can't Patch

  • Implement strict access controls and least privilege principles on affected systems
  • Monitor file system changes in /opt/MicroWorld/var/ directory using auditd or similar tools

🔍 How to Verify

Check if Vulnerable:

Check if eScan Antivirus version 7.0.32 is installed and examine permissions on /opt/MicroWorld/var/ directory

Check Version:

rpm -qa | grep escan    # RPM-based distributions
dpkg -l | grep escan    # Debian-based distributions

Verify Fix Applied:

Verify directory permissions are properly set (e.g., 750 or more restrictive) and owned by root
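
One way to script the verification described above (mode 750 or more restrictive, owned by root), as an added example that is not vendor code or part of the original page. The function name check_dir_perms and the extra scan for world-writable entries are assumptions added here; GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes GNU stat and find, as shipped on Linux.
# check_dir_perms DIR [OWNER_UID]
#   returns 0 = compliant, 1 = finding(s) reported, 2 = DIR missing

check_dir_perms() {
    cdp_dir=$1
    cdp_uid=${2:-0}                       # uid 0 = root, the owner the page calls for
    cdp_rc=0

    if [ ! -d "$cdp_dir" ]; then
        echo "MISSING  $cdp_dir"
        return 2
    fi

    cdp_mode=$(stat -c '%a' "$cdp_dir")   # octal mode, e.g. 755
    cdp_owner=$(stat -c '%u' "$cdp_dir")  # numeric owner uid

    # 07027 is every bit outside 0750: group write, all "other" bits, and
    # setuid/setgid/sticky. Any of them set means looser than 750.
    if [ $(( 0$cdp_mode & 07027 )) -ne 0 ]; then
        echo "MODE     $cdp_dir is $cdp_mode, expected 750 or more restrictive"
        cdp_rc=1
    fi

    if [ "$cdp_owner" -ne "$cdp_uid" ]; then
        echo "OWNER    $cdp_dir is owned by uid $cdp_owner, expected uid $cdp_uid"
        cdp_rc=1
    fi

    # World-writable entries below the directory are reported as well
    # (symlinks skipped, since their mode bits are not meaningful).
    cdp_ww=$(find "$cdp_dir" -mindepth 1 -xdev ! -type l -perm -0002 2>/dev/null)
    if [ -n "$cdp_ww" ]; then
        echo "$cdp_ww" | sed 's/^/WRITABLE /'
        cdp_rc=1
    fi

    return "$cdp_rc"
}

# Run against one path given on the command line (optional second argument: uid), e.g.:
#   sudo sh check_perms.sh /opt/MicroWorld/var/
if [ "$#" -gt 0 ]; then
    check_dir_perms "$@"
fi
```

The exit status can be used from cron or a configuration-management check to flag hosts where the workaround has not been applied or has been reverted.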

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to /opt/MicroWorld/var/
  • Permission changes on protected directories
  • Suspicious file modifications in antivirus directories

Network Indicators:

  • None - local-only vulnerability

SIEM Query:

source="audit.log" AND (path="/opt/MicroWorld/var/*" OR perm_changed="*MicroWorld*")
