CVE-2020-15732
MEDIUM
Bitdefender Antivirus/Internet/Total Security <25.0.7.29 - Improper Certificate Validation
Title source: llm
Description
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957
Scores
CVSS v3
6.5
EPSS
0.0054
EPSS Percentile
40.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (3)
bitdefender/antivirus_plus
< 25.0.7.29
bitdefender/internet_security
< 25.0.7.29
bitdefender/total_security
< 25.0.7.29
Published
Jun 22, 2021
Tracked Since
Feb 18, 2026