CVE-2024-13188
Published: 08 January 2025
Description
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Security Summary
CVE-2024-13188 is a vulnerability in MicroWorld eScan Antivirus version 7.0.32 on Linux systems, affecting an unknown functionality within the /opt/MicroWorld/var/ directory of the Installation Handler component. The issue involves incorrect default permissions (CWE-266 and CWE-276), which have been rated as critical with a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The vulnerability was publicly disclosed on January 8, 2025.
Exploitation requires local access with low privileges (PR:L) and low attack complexity (AC:L), with no user interaction needed. A local attacker can manipulate the affected component to exploit the incorrect default permissions, potentially resulting in low-level impacts on confidentiality, integrity, and availability (C:L/I:L/A:L).
Advisories from VulDB and a GitHub disclosure by hawkteam404 detail the issue but note no vendor response despite early contact. No patches or specific mitigations are available, and the exploit has been publicly released, increasing the risk of use by local attackers.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Incorrect default permissions on /opt/MicroWorld/var/ (Linux antivirus files/databases) enable exploitation of file system permissions weakness (T1044), modification of directories/files (T1222.002), disabling AV by deleting signatures (T1562.001), and privilege escalation via overwriting service/engine libraries (T1574.010).