
Cloud Vulnerability DB
A community-led vulnerabilities database
Multiple privilege escalation vulnerabilities were discovered in Avast Antivirus versions prior to 20.4. The vulnerability, tracked as CVE-2021-45338, was disclosed on December 27, 2021. The issue affects the main antivirus service, which exposed unnecessarily powerful internal methods that could be exploited by local users (NVD).
The vulnerability has a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It allows local users to gain elevated privileges through three capabilities: arbitrary file deletion, write operations, and security reset. All three stem from powerful internal methods exposed by the main antivirus service (NVD).
Successful exploitation could lead to complete system compromise through elevated privileges. Confidentiality, integrity, and availability impact are all rated High in the CVSS scoring, meaning an attacker could potentially gain full control over the affected system, modify system files, and impact system availability (NVD).
The primary mitigation is to upgrade Avast Antivirus to version 20.4 or later, which contains fixes for these vulnerabilities. No alternative workarounds have been publicly documented (NVD).
Source: This report was generated using AI