CVE-2022-4173: 
AVG Antivirus vulnerability analysis and mitigation

A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem to escalate privileges in certain scenarios. The vulnerability affected Avast and AVG Antivirus versions from 20.5 up to 22.9. The issue was discovered in 2022 and was fixed with the release of version 22.10 (Norton Advisory).

The vulnerability received a CVSS v3.1 Base Score of 7.3 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and user interaction to exploit. The vulnerability is classified under CWE-269 (Improper Privilege Management) (NVD).

The successful exploitation of this vulnerability could result in an attacker gaining elevated privileges on the affected system, potentially leading to complete system compromise. The vulnerability affects confidentiality, integrity, and availability of the system, all rated as High in the CVSS scoring (NVD).

Users of affected versions should upgrade to Avast and AVG Antivirus version 22.10 or later. The update was released on October 20, 2022, and should be received automatically by users. A system restart is required to apply the update when prompted by Avast/AVG (Norton Advisory).