CVE-2020-10180
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
El motor de análisis de ESET AV, permite omitir la detección de virus por medio de un campo BZ2 Checksum diseñado en un archivo. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security y NOD32 Antivirus 4 para Linux Desktop.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-03-05 CVE Reserved
- 2020-03-05 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-436: Interpretation Conflict
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Eset Search vendor "Eset" | Cyber Security Search vendor "Eset" for product "Cyber Security" | < 1294 Search vendor "Eset" for product "Cyber Security" and version " < 1294" | macos |
Affected
| ||||||
| Eset Search vendor "Eset" | Cyber Security Search vendor "Eset" for product "Cyber Security" | < 1294 Search vendor "Eset" for product "Cyber Security" and version " < 1294" | pro, macos |
Affected
| ||||||
| Eset Search vendor "Eset" | Mobile Security Search vendor "Eset" for product "Mobile Security" | < 1294 Search vendor "Eset" for product "Mobile Security" and version " < 1294" | android |
Affected
| ||||||
| Eset Search vendor "Eset" | Nod32 Antivirus Search vendor "Eset" for product "Nod32 Antivirus" | < 1294 Search vendor "Eset" for product "Nod32 Antivirus" and version " < 1294" | - |
Affected
| ||||||
| Eset Search vendor "Eset" | Nod32 Antivirus Search vendor "Eset" for product "Nod32 Antivirus" | 4 Search vendor "Eset" for product "Nod32 Antivirus" and version "4" | linux |
Affected
| ||||||
| Eset Search vendor "Eset" | Smart Security Search vendor "Eset" for product "Smart Security" | < 1294 Search vendor "Eset" for product "Smart Security" and version " < 1294" | - |
Affected
| ||||||
| Eset Search vendor "Eset" | Smart Security Search vendor "Eset" for product "Smart Security" | < 1294 Search vendor "Eset" for product "Smart Security" and version " < 1294" | premium |
Affected
| ||||||
| Eset Search vendor "Eset" | Smart Tv Security Search vendor "Eset" for product "Smart Tv Security" | < 1294 Search vendor "Eset" for product "Smart Tv Security" and version " < 1294" | - |
Affected
| ||||||