Back

Local Privilege Escalation in Bitdefender Engines (VA-8953)

Publication date: September 30th, 2020


CVE ID:
CVE-2020-15731
CVSS scrore:
3.2 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Affected vendors:
Bitdefender
Affected products:
Bitdefender Engines
Vulnerability details:

An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name.

This issue affects Bitdefender Engines versions prior to 7.85448.

Additional details:
An automatic update to Bitdefender Engines version 7.85448 fixes the issue.
Credit:
HOU JINGYI