{"id":51210,"date":"2025-06-12T13:34:37","date_gmt":"2025-06-12T13:34:37","guid":{"rendered":""},"modified":"2025-06-18T05:18:45","modified_gmt":"2025-06-18T11:18:45","slug":"cve-2024-13959-local-privilege-escalation-vulnerability-in-avg-tuneup","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2024-13959-local-privilege-escalation-vulnerability-in-avg-tuneup\/","title":{"rendered":"CVE-2024-13959: Local Privilege Escalation Vulnerability in AVG TuneUp<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The vulnerability in question, CVE-2024-13959, is a serious cybersecurity issue affecting AVG TuneUp 24.2.16593.9844 on Windows. The flaw allows local attackers to escalate their privileges and execute arbitrary code in the context of the SYSTEM through the creation of a symbolic link. By leveraging the service, they can delete a directory, which in turn, could potentially compromise the system or lead to data<\/a> leakage.
\nGiven the popularity and widespread usage of AVG TuneUp by both individual users and organizations, this vulnerability has a broad impact<\/a>. The fact that it allows local attackers to execute arbitrary code under the SYSTEM<\/a> context makes it a significant concern for all AVG TuneUp users.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2024-13959
\nSeverity: High (7.8 CVSS Score)
\nAttack Vector: Local
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n