Vulnerabilities > CVE-2020-10867 - Exposure of Resource to Wrong Sphere vulnerability in Avast Antivirus

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

avast

CWE-668

critical

NVD

Published: 2020-04-01

Updated: 2020-04-02

Summary

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled.

Vulnerable Configurations

Part	Description	Count
Application	Avast Avast Antivirus 8.0.1489 Avast Antivirus 8.0.1497 Avast Antivirus 8.0.1500 Avast Antivirus 8.0.1501 Avast Antivirus 8.0.1504 Avast Antivirus 8.0.1506 Avast Antivirus 12.1.2272 Avast Antivirus 12.2.2276 Avast Antivirus 12.3.2279 Avast Antivirus 17.1.2286 Avast Antivirus 17.2.2288 Avast Antivirus 17.3.2290 Avast Antivirus 17.3.2291 Avast Antivirus 17.4.2294 Avast Antivirus 17.5.2302 Avast Antivirus 17.6.2310 Avast Antivirus 17.7.2314 Avast Antivirus 17.8.2318 Avast Antivirus 17.9.2322 Avast Antivirus 18.1.2326 Avast Antivirus 18.2.2328 Avast Antivirus 18.3.2333 Avast Antivirus 18.4.2338 Avast Antivirus 18.5.2342 Avast Antivirus 18.6.2349 Avast Antivirus 18.7.2354 Avast Antivirus 18.8.2356 Avast Antivirus 19.1 Avast Antivirus 19.3.2369 Avast Antivirus 19.4 Avast Antivirus 19.4.2374 Avast Antivirus 19.5.2378 Avast Antivirus 19.6.2383 Avast Antivirus 19.7 Avast Antivirus 19.7.2388 Avast Antivirus 19.8 Avast Antivirus 19.8.2393	39
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References