Local Privilege Escalation in Bitdefender Engines (VA-8953)
CVE-2020-15731

3.2LOW

Key Information:

Vendor

Bitdefender

Status
Bitdefender Engines
Vendor
CVE Published:
30 September 2020

What is CVE-2020-15731?

An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.

Affected Version(s)

Bitdefender Engines < 7.85448

References

https://www.bitdefender.com/support/security-advisories/l...
x_refsource_MISC

CVSS V3.1

Score:
3.2
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HOU JINGYI
JSON
.