Vulnerability Name:

CVE-2020-9320 (CCN-176712)

Assigned: 2020-02-20
Published: 2020-02-20
Updated: 2021-03-04
Summary: ** DISPUTED ** Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK.
Note: Vendor asserts that vulnerability does not exist in product.
CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-434
Vulnerability Consequences: Bypass Security
References: Source: MITRE
Type: CNA
CVE-2020-9320

Source: MISC
Type: Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html

Source: FULLDISC
Type: Mailing List, Third Party Advisory
20200227 [TZO-19-2020] - AVIRA Generic AV Bypass (ISO Container) - CVE-2020-9320

Source: MISC
Type: Third Party Advisory
https://blog.zoller.lu/p/from-low-hanging-fruit-department-avira.html

Source: XF
Type: UNKNOWN
avira-cve20209320-sec-bypass(176712)

Source: CCN
Type: Packet Storm Security [02-21-2020]
AVIRA Generic Malformed Container Bypass

Source: CCN
Type: Avira Web site
Downloads

Source: MISC
Type: Third Party Advisory
https://www.zoller.lu/[TZO-01-2020]%20AVIRA%20Generic%20Bypass%20ISO.pdf

Vulnerable Configuration: Configuration 1:
  • cpe:/a:avira:anti-malware_sdk:*:*:*:*:*:*:*:* (Version < 8.3.54.138)
  • OR cpe:/a:avira:antivirus_server:*:*:*:*:*:*:*:* (Version < 8.3.54.138)
  • OR cpe:/a:avira:avira_antivirus_for_endpoint:*:*:*:*:*:*:*:* (Version < 8.3.54.138)
  • OR cpe:/a:avira:avira_antivirus_for_small_business:*:*:*:*:*:*:*:* (Version < 8.3.54.138)
  • OR cpe:/a:avira:avira_exchange_security:*:*:*:*:*:*:*:* (Version < 8.3.54.138)
  • OR cpe:/a:avira:avira_free_security_suite:*:*:*:*:*:windows:*:* (Version < 8.3.54.138)
  • OR cpe:/a:avira:avira_internet_security_suite:*:*:*:*:*:windows:*:* (Version < 8.3.54.138)
  • OR cpe:/a:avira:avira_prime:*:*:*:*:*:*:*:* (Version < 8.3.54.138)

  • * Denotes that component is vulnerable
    avira anti-malware sdk *
    avira antivirus server *
    avira avira antivirus for endpoint *
    avira avira antivirus for small business *
    avira avira exchange security *
    avira avira free security suite *
    avira avira internet security suite *
    avira avira prime *