Lucene search

[email protected]CVE-2020-9264

HistoryFeb 18, 2020 - 3:15 p.m.

CVE-2020-9264

2020-02-1815:15:00

CWE-436

[email protected]

web.nvd.nist.gov

eset

archive support module

virus-detection bypass

zip archive

cve-2020-9264

security vulnerability

nvd

smart security premium

internet security

nod32 antivirus

cyber security pro

smart tv security

mobile security

linux desktop

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.1%

JSON

ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.

CPENameOperatorVersion
eset:nod32_antiviruseset nod32 antiviruslt1296
eset:internet_securityeset internet securitylt1296
eset:smart_securityeset smart securitylt1296
eset:nod32_antiviruseset nod32 antiviruseq4
eset:mobile_securityeset mobile securitylt1296
eset:smart_tv_securityeset smart tv securitylt1296
eset:cyber_securityeset cyber securitylt1296

CPE	Name	Operator	Version
eset:nod32_antivirus	eset nod32 antivirus	lt	1296
eset:internet_security	eset internet security	lt	1296
eset:smart_security	eset smart security	lt	1296
eset:nod32_antivirus	eset nod32 antivirus	eq	4
eset:mobile_security	eset mobile security	lt	1296
eset:smart_tv_security	eset smart tv security	lt	1296
eset:cyber_security	eset cyber security	lt	1296

References

seclists.org/fulldisclosure/2020/Feb/21

blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html

support.eset.com/en/ca7387-modules-review-december-2019

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.1%

JSON

Related for CVE-2020-9264

prion1 cvelist1