PT-2020-16708 · Quick Heal · Quick Heal Total Security

Ashu_Barot

Published

2020-11-30

Updated

2020-12-01

CVE-2020-27586

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Quick Heal Total Security versions prior to 19.0

Description The issue concerns the transmission of quarantine and sysinfo files via clear text. This means that sensitive information could be intercepted and read by unauthorized parties.

Recommendations For versions prior to 19.0, update to version 19.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the quarantine and sysinfo files until the update is applied.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2020-27586

Affected Products

Quick Heal Total Security

PT-2020-16708 · Quick Heal · Quick Heal Total Security

CVE-2020-27586

Weakness Enumeration

Related Identifiers

Affected Products

References · 5