CVE-2022-4173 HIGH

CVE-2022-4173: Avast and AVG Antivirus for Windows vulnerable to Privilege Escalation

Vendor Nortonlifelock

Product Avast and AVG Antivirus

Weakness CWE-269

Published December 5, 2022

Last update April 14, 2025

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10.

Key dates

02Disclosure timeline

December 5, 2022 CVE published

April 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-4173 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

04Related CVE

CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability CVE-2022-1397 API Privilege Escalation in alextselegidis/easyappointments CVE-2026-11616 Events Calendar for GeoDirectory <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation CVE-2024-11721 Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation CVE-2026-0920 LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter

Identifiers

CVE CVE-2022-4173

CWE CWE-269

CVSS 7.3 / HIGH

Affected versions

Vendor Nortonlifelock

Product Avast and AVG Antivirus

Affected ≥ 20.5 and ≤ 22.9