Cyber Resilience

CVE-2024-13188

MediumPublic PoC

Published: 08 January 2025

Published
08 January 2025
Modified
09 October 2025
KEV Added
Patch
CVSS Score v4 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0006 20.4th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-13188 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Escanav Escan Anti-Virus. Its CVSS base score is 4.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010); ranked at the 20.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-13188 is a vulnerability in MicroWorld eScan Antivirus version 7.0.32 on Linux systems, affecting an unknown functionality within the /opt/MicroWorld/var/ directory of the Installation Handler component. The issue involves incorrect default permissions (CWE-266 and CWE-276), which have been rated as critical with a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The vulnerability was publicly disclosed on January 8, 2025.

Exploitation requires local access with low privileges (PR:L) and low attack complexity (AC:L), with no user interaction needed. A local attacker can manipulate the affected component to exploit the incorrect default permissions, potentially resulting in low-level impacts on confidentiality, integrity, and availability (C:L/I:L/A:L).

Advisories from VulDB and a GitHub disclosure by hawkteam404 detail the issue but note no vendor response despite early contact. No patches or specific mitigations are available, and the exploit has been publicly released, increasing the risk of use by local attackers.

EU & UK References

Vulnerability details

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default…

more

permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.010 Services File Permissions Weakness Stealth
Adversaries may execute their own malicious payloads by hijacking the binaries used by services.
T1222.002 Linux and Mac Permissions Defense Impairment
Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.
T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Incorrect default permissions on /opt/MicroWorld/var/ (Linux antivirus files/databases) enable exploitation of file system permissions weakness (T1044), modification of directories/files (T1222.002), disabling AV by deleting signatures (T1562.001), and privilege escalation via overwriting service/engine libraries (T1574.010).

CVEs Like This One

CVE-2025-1366Same product: Escanav Escan Anti-Virus
CVE-2025-0798Same product: Escanav Escan Anti-Virus
CVE-2024-13206Shared CWE-266, CWE-276
CVE-2021-47852Shared CWE-276
CVE-2025-24915Shared CWE-276
CVE-2025-10314Shared CWE-276
CVE-2021-47761Shared CWE-276
CVE-2025-57625Shared CWE-276
CVE-2025-8432Shared CWE-276
CVE-2025-60262Shared CWE-276

Affected Assets

escanav
escan anti-virus
7.0.32

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Establishes and enforces secure configuration settings for file permissions in the /opt/MicroWorld/var/ directory of the eScan Installation Handler to prevent incorrect defaults.

prevent

Applies least privilege to restrict access to the vulnerable Installation Handler component, mitigating exploitation by local low-privilege attackers exploiting permissive permissions.

prevent

Enforces approved access authorizations on system resources like the affected directory, directly countering unauthorized manipulation due to incorrect default permissions.

References