RPC Endpoint Vulnerability in Avast Antivirus Affecting Multiple Versions
CVE-2020-10868

7.5HIGH

Key Information:

Vendor

Avast

Status
Antivirus
Vendor
CVE Published:
1 April 2020

What is CVE-2020-10868?

A vulnerability in Avast Antivirus enables malicious actors to exploit the aswTask RPC endpoint associated with the TaskEx library. This flaw allows the execution of the Repair App RPC call from processes with Low Integrity, potentially compromising the system's security by allowing unauthorized actions that should not be accessible to low-integrity processes. Users with affected versions are advised to promptly update their software to mitigate possible risks.

References

https://forum.avast.com/index.php?topic=232420.0
x_refsource_MISC
https://forum.avast.com/index.php?topic=232423.0
x_refsource_MISC
https://github.com/umarfarook882/Avast_Multiple_Vulnerabi...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2020-10868 : RPC Endpoint Vulnerability in Avast Antivirus Affecting Multiple Versions