Bitdefender Homepage
Back

Insufficient client validation in Bitdefender Endpoint Security for Mac (VA-8759)

Publication date: August 3rd, 2020

CVE ID:
CVE-2020-8108
CVSS scrore:
8.2 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected vendors:
Bitdefender
Affected products:
Bitdefender Endpoint Security for Mac
Vulnerability details:

Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects Bitdefender Endpoint Security for Mac versions prior to 4.12.80.

Additional details:
Version 4.12.80 of Bitdefender Endpoint Security for Mac mitigates this issue. Customers running Endpoint Security for Mac have received an automatic update that fixes the issue. 
Credit:
Ricardo Ungureanu