PT-2020-14612 · Bitdefender · Bitdefender Engines

Hou Jingyi

Published

2020-09-30

Updated

2020-10-09

CVE-2020-15731

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Bitdefender Engines versions prior to 7.85448

Description An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name.

Recommendations For Bitdefender Engines versions prior to 7.85448, update to version 7.85448 or later to resolve the issue. As a temporary workaround, consider restricting file renaming and recovery operations to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2020-15731

Affected Products

Bitdefender Engines

PT-2020-14612 · Bitdefender · Bitdefender Engines

CVE-2020-15731

Weakness Enumeration

Related Identifiers

Affected Products

References · 4