{"id":51210,"date":"2025-06-12T13:34:37","date_gmt":"2025-06-12T13:34:37","guid":{"rendered":""},"modified":"2025-06-18T05:18:45","modified_gmt":"2025-06-18T11:18:45","slug":"cve-2024-13959-local-privilege-escalation-vulnerability-in-avg-tuneup","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2024-13959-local-privilege-escalation-vulnerability-in-avg-tuneup\/","title":{"rendered":"CVE-2024-13959: Local Privilege Escalation Vulnerability in AVG TuneUp<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The vulnerability in question, CVE-2024-13959, is a serious cybersecurity issue affecting AVG TuneUp 24.2.16593.9844 on Windows. The flaw allows local attackers to escalate their privileges and execute arbitrary code in the context of the SYSTEM through the creation of a symbolic link. By leveraging the service, they can delete a directory, which in turn, could potentially compromise the system or lead to data<\/a> leakage.
\nGiven the popularity and widespread usage of AVG TuneUp by both individual users and organizations, this vulnerability has a broad impact<\/a>. The fact that it allows local attackers to execute arbitrary code under the SYSTEM<\/a> context makes it a significant concern for all AVG TuneUp users.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2024-13959
\nSeverity: High (7.8 CVSS Score)
\nAttack Vector: Local
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n