CVE-2020-8095 - OpenCVE

A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Bitdefender	Total Security 2020

Configuration 1 [-]

cpe:2.3:a:bitdefender:total_security_2020:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-198/	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Bitdefender

Published: 2020-01-30T00:00:00

Updated: 2020-02-05T23:06:01

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8095

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-30T21:15:15.263

Modified: 2022-05-24T18:42:37.510

Link: CVE-2020-8095

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Bitdefender Total Security 2020", "vendor": "Bitdefender", "versions": [{"lessThan": "24.9", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Nabeel Ahmed of Dimension Data Belgium working with Trend Micro Zero Day Initiative"}], "datePublic": "2020-01-30T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-02-05T23:06:01", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-198/"}], "solutions": [{"lang": "en", "value": "The vulnerability has been fixed in Bitdefender Total Security 2020 version 24.9. A fix was automatically delivered to affected installs."}], "source": {"advisory": "VA-4021", "defect": ["VA-4021"], "discovery": "EXTERNAL"}, "title": "Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2020-01-30T14:00:00.000Z", "ID": "CVE-2020-8095", "STATE": "PUBLIC", "TITLE": "Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Bitdefender Total Security 2020", "version": {"version_data": [{"version_affected": "<", "version_value": "24.9"}]}}]}, "vendor_name": "Bitdefender"}]}}, "credit": [{"lang": "eng", "value": "Nabeel Ahmed of Dimension Data Belgium working with Trend Micro Zero Day Initiative"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021", "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-198/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-198/"}]}, "solution": [{"lang": "en", "value": "The vulnerability has been fixed in Bitdefender Total Security 2020 version 24.9. A fix was automatically delivered to affected installs."}], "source": {"advisory": "VA-4021", "defect": ["VA-4021"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2020-8095", "datePublished": "2020-01-30T00:00:00", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2020-02-05T23:06:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:total_security_2020:*:*:*:*:*:*:*:*", "matchCriteriaId": "3728E987-5CCE-455B-A0B4-FAFDADECF87C", "versionEndExcluding": "24.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en el manejo inapropiado de uniones antes de la eliminaci\u00f3n en Bitdefender Total Security 2020, puede permitir a un atacante desencadenar una denegaci\u00f3n de servicio en el dispositivo afectado."}], "id": "CVE-2020-8095", "lastModified": "2022-05-24T18:42:37.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 4.0, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2020-01-30T21:15:15.263", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021"}, {"source": "cve-requests@bitdefender.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-198/"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}