CVE-2020-9320
MEDIUMAvira Anti-malware SDK < 8.3.54.138 - Unrestricted File Upload
Title source: ruleDescription
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://blog.zoller.lu/p/from-low-hanging-fruit-department-avira.html
Various Sources x_refsource_misc
https://www.zoller.lu/%5BTZO-01-2020%5D%20AVIRA%20Generic%20Bypass%20ISO.pdf
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Feb/31
Scores
CVSS v3
5.5
EPSS
0.0088
EPSS Percentile
75.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-434
Status
published
Products (8)
avira/anti-malware_sdk
< 8.3.54.138
avira/antivirus_server
< 8.3.54.138
avira/avira_antivirus_for_endpoint
< 8.3.54.138
avira/avira_antivirus_for_small_business
< 8.3.54.138
avira/avira_exchange_security
< 8.3.54.138
avira/avira_free_security_suite
< 8.3.54.138
avira/avira_internet_security_suite
< 8.3.54.138
avira/avira_prime
< 8.3.54.138
Published
Feb 20, 2020
Tracked Since
Feb 18, 2026