Cyber Posture

CVE-2024-13206

High

Published: 09 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (14.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Security Summary

CVE-2024-13206 is a critical vulnerability in REVE Antivirus version 1.0.0.0 running on Linux systems, specifically affecting the file /usr/local/reveantivirus/tmp/reveinstall due to incorrect default permissions (CWE-276 and CWE-266). This flaw allows manipulation that results in improper privilege assignment, earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The issue was publicly disclosed on January 9, 2025.

A local attacker with low privileges (PR:L) can exploit this vulnerability directly on the host without user interaction, achieving high impacts on confidentiality, integrity, and availability. By leveraging the misconfigured permissions in the reveinstall file, an attacker could potentially escalate privileges, modify critical files, or execute arbitrary code within the antivirus component's context.

Advisories from VulDB and a GitHub disclosure by hawkteam404 detail the vulnerability but note no vendor response despite early contact; no patches or official mitigations are available. Security practitioners should verify and manually correct permissions on the affected file path, monitor for exploit attempts, and consider alternative antivirus solutions until REVE provides updates.

The exploit has been publicly released and may be actively used, increasing risk for deployments of this unpatched software.
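The permission check recommended above can be scripted; the following is an added example, not taken from the advisory, VulDB or the vendor. It assumes that "incorrect" means write access for group or other, since the page does not say which bits are wrong, and the function names and the optional stop-directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit the file named in the advisory and every ancestor
# directory for loose permissions. A writable parent directory lets a local
# user replace the file even when the file's own mode looks correct.
# Assumption: "loose" = write bit set for group or other (mask 022).

# is_loose PATH: succeeds when group or other may write to PATH
# (symlinks are followed; returns 2 if the path cannot be stat'ed).
is_loose() {
    mode=$(stat -L -c '%a' -- "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# audit_path PATH [STOP]: walks from PATH up to STOP (default /), prints one
# LOOSE line per writable component and one MISSING line per absent one.
# Returns 1 if anything was LOOSE, 0 otherwise. Sticky directories are
# still reported so they can be reviewed by hand.
audit_path() {
    p=$1
    stop=${2:-/}
    found=0
    while :; do
        if [ ! -e "$p" ]; then
            printf 'MISSING %s\n' "$p"
        elif is_loose "$p"; then
            printf 'LOOSE %s %s\n' "$p" \
                "$(stat -L -c 'mode=%a owner=%U:%G' -- "$p")"
            found=1
        fi
        # Stop at the requested directory, the root, or a relative "."
        if [ "$p" = "$stop" ] || [ "$p" = / ] || [ "$p" = . ]; then
            break
        fi
        p=$(dirname -- "$p")
    done
    return "$found"
}

# Default target is the path given in the CVE description.
audit_path "${1:-/usr/local/reveantivirus/tmp/reveinstall}" "${2:-/}" \
    || echo "Loose permissions found: review the LOOSE lines above."
```

A flagged component can be tightened with `chmod go-w` on that path; whether the product keeps working after the change is not covered by the advisory.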

Details

CWE(s)
CWE-266, CWE-276

References