Vulnerabilities > CVE-2020-12680 - Unspecified vulnerability in Avira Free Antivirus

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

avira

NVD

Published: 2020-05-08

Updated: 2024-05-17

Summary

Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in Chrome, Firefox, Opera, and Edge. The executable does not verify the calling program and thus a request such as fetchChromePasswords or fetchCredentials will succeed. NOTE: some third parties have stated that this is "not a vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Avira Avira Free Antivirus 15.0.1907.1514 Avira Free Antivirus 15.0.1909.1591 Avira Free Antivirus 15.0.1911.1648 Avira Free Antivirus 15.0.1911.1660 Avira Free Antivirus 15.0.1912.1683 Avira Free Antivirus 15.0.2002.1755 Avira Free Antivirus 15.0.2004.1825 Avira Free Antivirus 15.0.2005.1866	8

Summary

Vulnerable Configurations

References