AVG TuneUp up to 24.2.16593.9844 on Windows TuneupSvc.exe link following
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.6 | $0-$5k | 0.00 |
Summary
A vulnerability marked as critical has been reported in AVG TuneUp up to 24.2.16593.9844 on Windows. The impacted element is an unknown function of the file TuneupSvc.exe. The manipulation leads to link following. This vulnerability is traded as CVE-2024-13959. An attack has to be approached locally. There is no exploit available. It is suggested to upgrade the affected component.
Details
A vulnerability was found in AVG TuneUp up to 24.2.16593.9844 on Windows. It has been rated as critical. This issue affects an unknown code of the file TuneupSvc.exe. The manipulation with an unknown input leads to a link following vulnerability. Using CWE to declare the problem leads to CWE-59. The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory
The weakness was shared by Vladislav Berghici. The advisory is shared at gendigital.com. The identification of this vulnerability is CVE-2024-13959 since 05/09/2025. The exploitation is known to be easy. An attack has to be approached locally. Technical details are known, but no exploit is available.
Upgrading to version 24.3.17165.10564 eliminates this vulnerability.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.8VulDB Meta Temp Score: 7.6
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 7.8
CNA Vector (NLOK): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Link followingCWE: CWE-59
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: TuneUp 24.3.17165.10564
Timeline
05/09/2025 🔍05/09/2025 🔍
05/09/2025 🔍
05/09/2025 🔍
Sources
Advisory: gendigital.comResearcher: Vladislav Berghici
Status: Confirmed
CVE: CVE-2024-13959 (🔍)
GCVE (CVE): GCVE-0-2024-13959
GCVE (VulDB): GCVE-100-308249
Entry
Created: 05/09/2025 23:59Changes: 05/09/2025 23:59 (66)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.