CVE-2020-10867

CRITICAL

Avast Antivirus <20 - Auth Bypass

Title source: llm

Description

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled.

References (3)

[Release Notes, Vendor Advisory] https://forum.avast.com/index.php?topic=232420.0

[Release Notes, Vendor Advisory] https://forum.avast.com/index.php?topic=232423.0

[Exploit, Third Party Advisory] https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0040

EPSS Percentile 60.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (1)

avast/antivirus < 20.0

Timeline

Published Apr 01, 2020

Tracked Since Feb 18, 2026