CVE-2020-8097

EPSS 0.04%
Published 30.08.2020 21:15:11
Last modified 21.11.2024 05:38:17
Source cve-requests@bitdefender.com
Teams watchlist Login
Open Login

An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Bitdefender ≫ Endpoint Security SwPlatformwindows Version < 6.6.18.261

Bitdefender ≫ Endpoint Security Tools SwPlatformwindows Version < 6.6.18.261

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.096

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
cve-requests@bitdefender.com	8.1	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8097

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8097

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8097

EUVD