Lucene search

K
cve[email protected]CVE-2020-9362
HistoryFeb 24, 2020 - 4:15 p.m.

CVE-2020-9362

2020-02-2416:15:13
CWE-436
web.nvd.nist.gov
25
quick heal
antivirus
cve-2020-9362
virus
security flaw
bypass mitigation

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

49.6%

The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android.

Affected configurations

NVD
Node
quickhealantivirus_for_serverMatch2019-11
OR
quickhealantivirus_proMatch2019-11
OR
quickhealhome_securityMatch2019-11
OR
quickhealinternet_securityMatch2019-11
OR
quickhealtotal_securityMatch2019-11-
OR
quickhealtotal_securityMatch2019-11android
OR
quickhealtotal_securityMatch2019-11mac_os
OR
quickhealtotal_security_multi-deviceMatch2019-11

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

49.6%

Related for CVE-2020-9362