CVE-2020-10863

Опубликовано: 01 апр. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.

Ссылки

https://forum.avast.com/index.php?topic=232420.0
Release Notes
Vendor Advisory
https://forum.avast.com/index.php?topic=232423.0
Release Notes
Vendor Advisory
https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md
Exploit
Third Party Advisory
https://forum.avast.com/index.php?topic=232420.0
Release Notes
Vendor Advisory
https://forum.avast.com/index.php?topic=232423.0
Release Notes
Vendor Advisory
https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:*

Версия до 20.0 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00642

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-238p-mw87-v56r

github

около 3 лет назад