CVE-2024-7231 is a local privilege escalation vulnerability identified in Avast Cleanup Premium, specifically version 23.4 (build 15592). The vulnerability stems from improper handling of symbolic links (CWE-59) within the Avast Cleanup Service. The service fails to securely resolve symbolic links before performing file deletion operations. An attacker who already has the ability to execute code with low privileges on the affected system can create a malicious symbolic link that points to a sensitive file. When the Avast Cleanup Service processes this link, it inadvertently deletes or manipulates files it should not, allowing the attacker to escalate privileges to SYSTEM level. This escalation enables execution of arbitrary code with the highest system privileges, compromising the entire system. The vulnerability requires local access and prior low-privileged code execution but does not require user interaction. The CVSS v3.0 score is 7.8, reflecting high severity due to the potential for full system compromise. No patches were listed at the time of publication, and no active exploits are known in the wild, but the risk remains significant given the ease of exploitation once local code execution is achieved. This vulnerability was tracked by ZDI as ZDI-CAN-22894.

The impact of CVE-2024-7231 is substantial for organizations using Avast Cleanup Premium. Successful exploitation allows attackers to escalate privileges from a low-privileged user to SYSTEM, effectively gaining full control over the affected machine. This can lead to unauthorized access to sensitive data, installation of persistent malware, disruption of system availability, and complete compromise of system integrity. In enterprise environments, compromised endpoints could serve as pivot points for lateral movement, increasing the risk of widespread network breaches. Since the vulnerability requires local code execution, initial compromise vectors might include phishing, malicious insiders, or exploitation of other vulnerabilities. The ability to elevate privileges without user interaction makes this vulnerability particularly dangerous in automated attack scenarios. Organizations relying on Avast Cleanup Premium for system maintenance and optimization should consider this a critical risk to endpoint security.

To mitigate CVE-2024-7231, organizations should implement the following specific measures: 1) Immediately restrict local user permissions to prevent unauthorized code execution at low privilege levels. 2) Monitor and control the creation of symbolic links and suspicious file system activities, especially in directories accessed by Avast Cleanup Service. 3) Employ application whitelisting and endpoint detection and response (EDR) solutions to detect and block attempts to exploit this vulnerability. 4) Isolate critical systems and limit local administrative access to reduce the attack surface. 5) Regularly audit and harden system configurations to minimize opportunities for local code execution. 6) Stay alert for official patches or updates from Avast and apply them promptly once released. 7) Consider temporarily disabling or uninstalling Avast Cleanup Premium on critical systems if patching is delayed and risk is unacceptable. 8) Educate users and administrators about the risks of local privilege escalation and the importance of maintaining strict access controls.