PT-2019-16041 · Bullguard · Bullguard Premium Protection

Published

2019-12-26

Updated

2020-01-08

CVE-2019-20000

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions BullGuard Premium Protection version 20.0.371.8

Description The issue concerns a Time-of-Check-to-Time-of-Use (TOCTOU) problem in the malware scan function, which can be exploited through a symbolic link attack. This allows an attacker to delete privileged files.

Recommendations For BullGuard Premium Protection version 20.0.371.8, consider disabling the malware scan function temporarily until a patch is available to prevent potential exploitation.

Exploit

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

CVE-2019-20000

Affected Products

Bullguard Premium Protection

PT-2019-16041 · Bullguard · Bullguard Premium Protection

CVE-2019-20000

Weakness Enumeration

Related Identifiers

Affected Products

References · 3