#VU26537 Improper access control in Avast Antivirus


Published: 2020-04-02

Vulnerability identifier: #VU26537

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10865

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Avast Antivirus
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Avast Software s.r.o.

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe). A remote attacker can bypass implemented security restrictions and make arbitrary changes to the Components section of the "Stats.ini" file via RPC from a Low Integrity process.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Avast Antivirus: 19.8.2393


External links
http://forum.avast.com/index.php?topic=232420.0
http://forum.avast.com/index.php?topic=232423.0
http://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability