Virus-Detection Bypass in Avira Antivirus Products
CVE-2020-9320

5.5MEDIUM

Key Information:

Vendor

Avira

Status
Avira Free Security Suite
Avira Internet Security Suite
Avira Exchange Security
Avira Antivirus For Small Business
Vendor
CVE Published:
20 February 2020

What is CVE-2020-9320?

Avira's AV Engine versions prior to 8.3.54.138 are susceptible to a vulnerability that allows crafted ISO archives to bypass virus detection mechanisms. This potentially exposes systems to undetected malware threats. The issue impacts various Avira products including Antivirus for Endpoint, Antivirus for Small Business, and other security suites. Although the vendor claims that the vulnerability does not exist in certain products, the risk remains for users employing older, unpatched versions.

References

https://blog.zoller.lu/p/from-low-hanging-fruit-departmen...
x_refsource_MISC
https://www.zoller.lu/%5BTZO-01-2020%5D%20AVIRA%20Generic...
x_refsource_MISC
http://packetstormsecurity.com/files/156472/AVIRA-Generic...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.