5.5
CVE-2020-9320
- EPSS 0.63%
- Published 20.02.2020 22:15:12
- Last modified 21.11.2024 05:40:24
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product
Data is provided by the National Vulnerability Database (NVD)
Avira ≫ Anti-malware Sdk Version < 8.3.54.138
Avira ≫ Antivirus Server Version < 8.3.54.138
Avira ≫ Avira Antivirus For Endpoint Version < 8.3.54.138
Avira ≫ Avira Antivirus For Small Business Version < 8.3.54.138
Avira ≫ Avira Exchange Security Version < 8.3.54.138
Avira ≫ Avira Free Security Suite SwPlatformwindows Version < 8.3.54.138
Avira ≫ Avira Internet Security Suite SwPlatformwindows Version < 8.3.54.138
Avira ≫ Avira Prime Version < 8.3.54.138
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.63% | 0.692 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.