9.8

CVE-2020-10180

EPSS 0.47%
Published 05.03.2020 19:15:11
Last modified 21.11.2024 04:54:55
Source cve@mitre.org
Teams watchlist Login
Open Login

The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Eset ≫ Cyber Security SwPlatformmacos Version < 1294

Eset ≫ Cyber Security SwEditionpro SwPlatformmacos Version < 1294

Eset ≫ Mobile Security SwPlatformandroid Version < 1294

Eset ≫ Nod32 Antivirus Version < 1294

Eset ≫ Nod32 Antivirus Version4 SwPlatformlinux

Eset ≫ Smart Security Version < 1294

Eset ≫ Smart Security SwEditionpremium Version < 1294

Eset ≫ Smart Tv Security Version < 1294

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.635

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-436 Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-10180

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10180

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10180

EUVD