Improper authentication vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (VA-8646)

Publication date: August 30th, 2020


CVE ID:
CVE-2020-8097
CVSS score:
8.1 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
Affected vendors:
Bitdefender
Affected products:
Bitdefender Endpoint Security Tools for Windows; Bitdefender Endpoint Security SDK
Vulnerability details:

An untrusted search path vulnerability in product.console.exe, as implemented in Bitdefender Endpoint Security Tools for Windows and Endpoint Security SDK, allows an unprivileged local attacker to escalate privileges or tamper with the product’s security settings.

This issue affects Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261; Endpoint Security SDK versions prior to 6.6.18.261.

Additional details:
An automatic update to Bitdefender Endpoint Security Tools / Endpoint Security SDK version 6.6.18.261 or newer fixes the issue.
Credit:
Nicolas VERDIER, Senior IT Security Consultant at Tehtris