Back

Local Privilege Escalation in Bitdefender Engines (VA-8953)

Publication date: September 30th, 2020

CVE ID:

CVE-2020-15731

CVSS scrore:

3.2 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Affected vendors:

Bitdefender

Affected products:

Bitdefender Engines

Vulnerability details:

An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name.

This issue affects Bitdefender Engines versions prior to 7.85448.

Additional details:

An automatic update to Bitdefender Engines version 7.85448 fixes the issue.

Credit:

HOU JINGYI