PT-2020-16707 · Quick Heal · Quick Heal Total Security

Ashutosh Barot

Published

2020-11-30

Updated

2020-12-04

CVE-2020-27585

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Quick Heal Total Security versions prior to 19.0

Description The issue allows attackers with local admin rights to modify sensitive anti-virus settings via a brute-force attack on the settings password. This can be exploited by attackers to compromise the security of the system.

Recommendations For versions prior to 19.0, update to version 19.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings password to prevent brute-force attacks until a patch is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-521

Related Identifiers

CVE-2020-27585

Affected Products

Quick Heal Total Security

PT-2020-16707 · Quick Heal · Quick Heal Total Security

CVE-2020-27585

Weakness Enumeration

Related Identifiers

Affected Products

References · 5