CVE-2024-13188
Published: 08 January 2025
Summary
CVE-2024-13188 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Escanav Escan Anti-Virus. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010); ranked at the 14.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Establishes and enforces secure configuration settings for file permissions in the /opt/MicroWorld/var/ directory of the eScan Installation Handler to prevent incorrect defaults.
Applies least privilege to restrict access to the vulnerable Installation Handler component, mitigating exploitation by local low-privilege attackers exploiting permissive permissions.
Enforces approved access authorizations on system resources like the affected directory, directly countering unauthorized manipulation due to incorrect default permissions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Incorrect default permissions on /opt/MicroWorld/var/ (Linux antivirus files/databases) enable exploitation of file system permissions weakness (T1044), modification of directories/files (T1222.002), disabling AV by deleting signatures (T1562.001), and privilege escalation via overwriting service/engine libraries (T1574.010).
NVD Description
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default…
more
permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2024-13188 is a vulnerability in MicroWorld eScan Antivirus version 7.0.32 on Linux systems, affecting an unknown functionality within the /opt/MicroWorld/var/ directory of the Installation Handler component. The issue involves incorrect default permissions (CWE-266 and CWE-276), which have been rated as critical with a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The vulnerability was publicly disclosed on January 8, 2025.
Exploitation requires local access with low privileges (PR:L) and low attack complexity (AC:L), with no user interaction needed. A local attacker can manipulate the affected component to exploit the incorrect default permissions, potentially resulting in low-level impacts on confidentiality, integrity, and availability (C:L/I:L/A:L).
Advisories from VulDB and a GitHub disclosure by hawkteam404 detail the issue but note no vendor response despite early contact. No patches or specific mitigations are available, and the exploit has been publicly released, increasing the risk of use by local attackers.
Details
- CWE(s)