CVE-2020-9320
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product
** EN DISPUTA ** Avira AV Engine versiones anteriores a 8.3.54.138, permite omitir la detección de virus por medio de un archivo ISO diseñado. Esto afecta a las versiones anteriores a 8.3.54.138 de Antivirus para Endpoint, Antivirus para Small Business, Exchange Security (Gateway), Internet Security Suite para Windows, Prime, Free Security Suite para Windows y Cross Platparam Anti-malware SDK. NOTA: El vendedor afirma que la vulnerabilidad no existe en el producto
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-20 CVE Reserved
- 2020-02-20 CVE Published
- 2024-07-18 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html | Third Party Advisory |
|
| http://seclists.org/fulldisclosure/2020/Feb/31 | Mailing List |
|
| https://blog.zoller.lu/p/from-low-hanging-fruit-department-avira.html | Third Party Advisory | |
| https://www.zoller.lu/%5BTZO-01-2020%5D%20AVIRA%20Generic%20Bypass%20ISO.pdf | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Avira Search vendor "Avira" | Anti-malware Sdk Search vendor "Avira" for product "Anti-malware Sdk" | < 8.3.54.138 Search vendor "Avira" for product "Anti-malware Sdk" and version " < 8.3.54.138" | - |
Affected
| ||||||
| Avira Search vendor "Avira" | Antivirus Server Search vendor "Avira" for product "Antivirus Server" | < 8.3.54.138 Search vendor "Avira" for product "Antivirus Server" and version " < 8.3.54.138" | - |
Affected
| ||||||
| Avira Search vendor "Avira" | Avira Antivirus For Endpoint Search vendor "Avira" for product "Avira Antivirus For Endpoint" | < 8.3.54.138 Search vendor "Avira" for product "Avira Antivirus For Endpoint" and version " < 8.3.54.138" | - |
Affected
| ||||||
| Avira Search vendor "Avira" | Avira Antivirus For Small Business Search vendor "Avira" for product "Avira Antivirus For Small Business" | < 8.3.54.138 Search vendor "Avira" for product "Avira Antivirus For Small Business" and version " < 8.3.54.138" | - |
Affected
| ||||||
| Avira Search vendor "Avira" | Avira Exchange Security Search vendor "Avira" for product "Avira Exchange Security" | < 8.3.54.138 Search vendor "Avira" for product "Avira Exchange Security" and version " < 8.3.54.138" | - |
Affected
| ||||||
| Avira Search vendor "Avira" | Avira Free Security Suite Search vendor "Avira" for product "Avira Free Security Suite" | < 8.3.54.138 Search vendor "Avira" for product "Avira Free Security Suite" and version " < 8.3.54.138" | windows |
Affected
| ||||||
| Avira Search vendor "Avira" | Avira Internet Security Suite Search vendor "Avira" for product "Avira Internet Security Suite" | < 8.3.54.138 Search vendor "Avira" for product "Avira Internet Security Suite" and version " < 8.3.54.138" | windows |
Affected
| ||||||
| Avira Search vendor "Avira" | Avira Prime Search vendor "Avira" for product "Avira Prime" | < 8.3.54.138 Search vendor "Avira" for product "Avira Prime" and version " < 8.3.54.138" | - |
Affected
| ||||||