CVE-2019-17190 : What You Need to Know
Discover the Local Privilege Escalation vulnerability in Avast Secure Browser version 76.0.1659.101. Learn about the impact, affected systems, exploitation, and mitigation steps.
A vulnerability has been identified in Avast Secure Browser 76.0.1659.101, allowing for Local Privilege Escalation.
Understanding CVE-2019-17190
What is CVE-2019-17190?
This CVE describes a Local Privilege Escalation vulnerability in Avast Secure Browser version 76.0.1659.101. The issue arises from insecure ACL settings during the update check process.
The Impact of CVE-2019-17190
The vulnerability allows a low-privileged attacker to escalate their privileges and gain unauthorized write access to system files, potentially leading to further exploitation.
Technical Details of CVE-2019-17190
Vulnerability Description
The vulnerability stems from AvastBrowserUpdate.exe setting insecure ACLs, granting excessive privileges to the 'Everyone' group during update checks, enabling unauthorized write access.
Affected Systems and Versions
- Product: Avast Secure Browser
- Version: 76.0.1659.101
Exploitation Mechanism
- Attacker creates a hard link named Update.ini, redirecting it to a file writable by NT AUTHORITY\SYSTEM.
- When AvastBrowserUpdate.exe is triggered, misconfigured DACL values from Update.ini transfer to the target file, granting write access to the attacker.
Mitigation and Prevention
Immediate Steps to Take
- Update Avast Secure Browser to the latest version.
- Monitor system files for unauthorized changes.
Long-Term Security Practices
- Implement the principle of least privilege to restrict user access.
- Regularly review and update ACL settings to ensure secure file permissions.
Patching and Updates
- Apply security patches and updates promptly to address known vulnerabilities.