How severe is CVE-2023-42125?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2023-42125?

This is classified as CWE-706, which is a common weakness in software security.

CVE-2023-42125 - HIGH Severity | CVSS 7.8

Vulnerability Description

Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the sandbox feature. By creating a symbolic link, an attacker can abuse the service to create arbitrary namespace objects. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-20383.

Related Vulnerabilities

CVE-2019-0571

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This a...

CWE-7062019

CVE-2021-47261

HIGH

CVSS:7.8(High)

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQ fragments b...

CWE-7062021

CVE-2018-12020

HIGH

CVSS:7.5(High)

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to...

CWE-7062018

CVE-2019-1351

HIGH

CVSS:7.5(High)

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

CWE-7062019

CVE-2020-35894

HIGH

CVSS:7.5(High)

An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur.

CWE-7062020

CVE-2021-27306

HIGH

CVSS:7.5(High)

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.

CWE-7062021