Brash in defense Norton, Avira, Avast and AVG allows cybercriminals to easily increase privileges

Vulnerability affected several products of Nortonlifelock (Gendigital): Norton Antivirus Windows Eraser Engine, Avira Security, Avast Antivirus and Avg Antivirus. Brashi in defense assigned the identifier cve-2022-4294 and a score 7.1 on the scale of CVSS.

According to message published norton, vulnerability is associated with increased privileges and was Fixed in Avast and AVG version 22.10, Norton versions 119.1.5.1 and Avira Security version 1.1.78. The company strongly recommends its clients to update antivirus software to recent available versions.

Norton said that the CVE-2022-4294 was eliminated in updates that were released in the fall of 2022:

  • October 5 for Norton;

  • October 20 for Avast and AVG;

  • November 22 for avira.

Vulnerability helped to detect Bahaa Naamnech, an employee of the IB-company Crosspoint Labs. Nortonlifelock noted him in her message about the elimination of CVE-2022-4294.

/Media reports cited above.