Access Control Weakness in Avast Antivirus Service
CVE-2020-10867

9.8CRITICAL

Key Information:

Vendor

Avast

Status
Antivirus
Vendor
CVE Published:
1 April 2020

What is CVE-2020-10867?

A significant access control vulnerability has been identified in Avast Antivirus that pertains to the aswTask RPC endpoint within the TaskEx library in the Avast Service (AvastSvc.exe). This flaw permits attackers to bypass intended access restrictions from untrusted processes when the Self Defense feature is activated, potentially allowing unauthorized execution of tasks. Users of the affected versions are advised to update their software to mitigate potential risks associated with this vulnerability.

References

https://forum.avast.com/index.php?topic=232420.0
x_refsource_MISC
https://forum.avast.com/index.php?topic=232423.0
x_refsource_MISC
https://github.com/umarfarook882/Avast_Multiple_Vulnerabi...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.