CVE-2024-13944

Description

Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Avast / CleanUp0 – 24.3.17165.19178
AVG / TuneUp0 – 24.3.17165.10564
Norton / Norton Utilities Ultimate0 – 24.3.17165.6812

References

VENDOR_ADVISORYhttps://www.gendigital.com/us/en/contact-us/security-advisories/