CVE-2020-8103 - OpenCVE

A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Bitdefender	Antivirus 2020

Configuration 1 [-]

cpe:2.3:a:bitdefender:antivirus_2020:*:*:*:*:free:*:*:*

References

Link	Resource
https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-bitdefender-antivirus-free-va-8604/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Bitdefender

Published: 2020-06-05T00:00:00

Updated: 2020-06-05T11:10:13

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8103

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-05T17:15:11.517

Modified: 2020-06-11T15:57:25.497

Link: CVE-2020-8103

JSON object: View

Redhat Information

No data.

CWE

CWE-59

{"containers": {"cna": {"affected": [{"product": "Bitdefender Antivirus Free", "vendor": "Bitdefender", "versions": [{"lessThan": "1.0.17.178", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ilias Dimopoulos of\u202fRedyOps Research Labs"}], "datePublic": "2020-06-05T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-05T11:10:13", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-bitdefender-antivirus-free-va-8604/"}], "solutions": [{"lang": "en", "value": "An automatic update to Bitdefender Antivirus Free version 1.0.17.178 or newer fixes the issue."}], "source": {"defect": ["VA-8604"], "discovery": "EXTERNAL"}, "title": "Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8604)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2020-06-05T12:00:00.000Z", "ID": "CVE-2020-8103", "STATE": "PUBLIC", "TITLE": "Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8604)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Bitdefender Antivirus Free", "version": {"version_data": [{"version_affected": "<", "version_value": "1.0.17.178"}]}}]}, "vendor_name": "Bitdefender"}]}}, "credit": [{"lang": "eng", "value": "Ilias Dimopoulos of\u202fRedyOps Research Labs"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-bitdefender-antivirus-free-va-8604/", "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-bitdefender-antivirus-free-va-8604/"}]}, "solution": [{"lang": "en", "value": "An automatic update to Bitdefender Antivirus Free version 1.0.17.178 or newer fixes the issue."}], "source": {"defect": ["VA-8604"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2020-8103", "datePublished": "2020-06-05T00:00:00", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2020-06-05T11:10:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:antivirus_2020:*:*:*:*:free:*:*:*", "matchCriteriaId": "01205F6F-F16C-4E3D-A6BF-E378C4BCD35A", "versionEndExcluding": "1.0.17.178", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178."}, {"lang": "es", "value": "Una vulnerabilidad en el manejo inapropiado de enlaces simb\u00f3licos en Bitdefender Antivirus Free, puede permitir a un usuario no privilegiado sustituir un archivo en cuarentena y restaurarlo en una ubicaci\u00f3n privilegiada. Este problema afecta a Bitdefender Antivirus Free versiones anteriores a 1.0.17.178"}], "id": "CVE-2020-8103", "lastModified": "2020-06-11T15:57:25.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 6.0, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2020-06-05T17:15:11.517", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-bitdefender-antivirus-free-va-8604/"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}