CVE-2020-8987
 
Descriptions
Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxy traffic to HTTPS sites but do not validate certificates, so a man-in-the-middle can host a malicious website using a self-signed certificate. No special action is required of a victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.)
Timeline
- 2020-02-13 CVE Reserved
- 2020-03-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
References (2)
URL | Tag | Source
---|---|---
https://www.davideade.com/2020/03/avast-antitrack.html | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Avast | Antitrack | < 1.5.1.172 | - | Affected
Avast | Avg Antitrack | < 2.0.0.178 | - | Affected