CVE-2020-8961
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality.
Se detectó un problema en Avira Free-Antivirus versiones anteriores a 15.0.2004.1825. La funcionalidad Self-Protection no prohíbe una operación de escritura desde un proceso externo. Por lo tanto, una inyección de código puede ser usada para desactivar esta función. Después de eso, se puede construir un evento que modificará un archivo en una ubicación específica y pasar este evento al controlador, lo cual anulará la funcionalidad antivirus.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-12 CVE Reserved
- 2020-04-09 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows | 2021-07-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Avira Search vendor "Avira" | Free Antivirus Search vendor "Avira" for product "Free Antivirus" | < 15.0.2004.1825 Search vendor "Avira" for product "Free Antivirus" and version " < 15.0.2004.1825" | - |
Affected
| ||||||