CVE-2020-9320 - OpenCVE

Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Avira	Avira Prime Avira Antivirus For Small Business Anti-malware Sdk Avira Exchange Security Avira Internet Security Suite Avira Antivirus For Endpoint Avira Free Security Suite Antivirus Server

Configuration 1 [-]

OR	cpe:2.3:a:avira:anti-malware_sdk::::::::
	cpe:2.3:a:avira:antivirus_server::::::::
	cpe:2.3:a:avira:avira_antivirus_for_endpoint::::::::
	cpe:2.3:a:avira:avira_antivirus_for_small_business::::::::
	cpe:2.3:a:avira:avira_exchange_security::::::::
	cpe:2.3:a:avira:avira_free_security_suite::::::windows::*
	cpe:2.3:a:avira:avira_internet_security_suite::::::windows::*
	cpe:2.3:a:avira:avira_prime::::::::

References

Link	Resource
http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Feb/31	Mailing List Third Party Advisory
https://blog.zoller.lu/p/from-low-hanging-fruit-department-avira.html	Third Party Advisory
https://www.zoller.lu/%5BTZO-01-2020%5D%20AVIRA%20Generic%20Bypass%20ISO.pdf

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-20T21:39:43

Updated: 2021-02-01T15:14:33

Reserved: 2020-02-20T00:00:00

Link: CVE-2020-9320

JSON object: View

NVD Information

Status : Modified

Published: 2020-02-20T22:15:12.257

Modified: 2024-05-17T01:51:24.850

Link: CVE-2020-9320

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-01T15:14:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.zoller.lu/p/from-low-hanging-fruit-department-avira.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zoller.lu/%5BTZO-01-2020%5D%20AVIRA%20Generic%20Bypass%20ISO.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html"}, {"name": "20200227 [TZO-19-2020] - AVIRA Generic AV Bypass (ISO Container) - CVE-2020-9320", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Feb/31"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-9320", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blog.zoller.lu/p/from-low-hanging-fruit-department-avira.html", "refsource": "MISC", "url": "https://blog.zoller.lu/p/from-low-hanging-fruit-department-avira.html"}, {"name": "https://www.zoller.lu/[TZO-01-2020]%20AVIRA%20Generic%20Bypass%20ISO.pdf", "refsource": "MISC", "url": "https://www.zoller.lu/[TZO-01-2020]%20AVIRA%20Generic%20Bypass%20ISO.pdf"}, {"name": "http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html"}, {"name": "20200227 [TZO-19-2020] - AVIRA Generic AV Bypass (ISO Container) - CVE-2020-9320", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Feb/31"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-9320", "datePublished": "2020-02-20T21:39:43", "dateReserved": "2020-02-20T00:00:00", "dateUpdated": "2021-02-01T15:14:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avira:anti-malware_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B72788C-6ACD-482D-87D3-C334D8A16439", "versionEndExcluding": "8.3.54.138", "vulnerable": true}, {"criteria": "cpe:2.3:a:avira:antivirus_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "30F53D27-BB74-4081-ADCD-40E3BCF4CF61", "versionEndExcluding": "8.3.54.138", "vulnerable": true}, {"criteria": "cpe:2.3:a:avira:avira_antivirus_for_endpoint:*:*:*:*:*:*:*:*", "matchCriteriaId": "82507BF4-1F45-42B6-85A0-85F3F8D67C82", "versionEndExcluding": "8.3.54.138", "vulnerable": true}, {"criteria": "cpe:2.3:a:avira:avira_antivirus_for_small_business:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B79CE7D-B721-4020-B203-A41F8756E818", "versionEndExcluding": "8.3.54.138", "vulnerable": true}, {"criteria": "cpe:2.3:a:avira:avira_exchange_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F86DF45-AAF9-456A-8E99-7B79790BC859", "versionEndExcluding": "8.3.54.138", "vulnerable": true}, {"criteria": "cpe:2.3:a:avira:avira_free_security_suite:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A136E43F-2878-49EC-9F72-97DD4F9DF509", "versionEndExcluding": "8.3.54.138", "vulnerable": true}, {"criteria": "cpe:2.3:a:avira:avira_internet_security_suite:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E2E63E2-1AC6-463A-B20E-C73B51F1C3EF", "versionEndExcluding": "8.3.54.138", "vulnerable": true}, {"criteria": "cpe:2.3:a:avira:avira_prime:*:*:*:*:*:*:*:*", "matchCriteriaId": "10E837C1-A5D3-48CC-8E0E-AE4D99AD7CFA", "versionEndExcluding": "8.3.54.138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product"}, {"lang": "es", "value": "** EN DISPUTA ** Avira AV Engine versiones anteriores a 8.3.54.138, permite omitir la detecci\u00f3n de virus por medio de un archivo ISO dise\u00f1ado. Esto afecta a las versiones anteriores a 8.3.54.138 de Antivirus para Endpoint, Antivirus para Small Business, Exchange Security (Gateway), Internet Security Suite para Windows, Prime, Free Security Suite para Windows y Cross Platparam Anti-malware SDK. NOTA: El vendedor afirma que la vulnerabilidad no existe en el producto"}], "id": "CVE-2020-9320", "lastModified": "2024-05-17T01:51:24.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-20T22:15:12.257", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Feb/31"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blog.zoller.lu/p/from-low-hanging-fruit-department-avira.html"}, {"source": "cve@mitre.org", "url": "https://www.zoller.lu/%5BTZO-01-2020%5D%20AVIRA%20Generic%20Bypass%20ISO.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}