Improper Certificate Validation in Bitdefender Total Security
CVE-2020-15732

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 22 June 2021

What is CVE-2020-15732?

A vulnerability in the Online Threat Prevention module of Bitdefender Total Security may allow an attacker to bypass HTTP Strict Transport Security (HSTS) checks. The flaw affects multiple Bitdefender products in versions prior to 25.0.7.29, including Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus. Users should make sure they are running an updated version to mitigate the risk.

Affected Version(s)

Antivirus Plus < 25.0.7.29

Internet Security < 25.0.7.29

Total Security < 25.0.7.29

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ollie Killean