PT-2021-9802 · Bitdefender · Bitdefender Total Security+2
Ollie Killean
·
Published
2021-06-22
·
Updated
2021-06-29
·
CVE-2020-15732
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Bitdefender Total Security versions prior to 25.0.7.29
Bitdefender Internet Security versions prior to 25.0.7.29
Bitdefender Antivirus Plus versions prior to 25.0.7.29
Description
The issue is related to an Improper Certificate Validation vulnerability in the Online Threat Prevention module. This vulnerability allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks.
Recommendations
For Bitdefender Total Security versions prior to 25.0.7.29, update to version 25.0.7.29 or later.
For Bitdefender Internet Security versions prior to 25.0.7.29, update to version 25.0.7.29 or later.
For Bitdefender Antivirus Plus versions prior to 25.0.7.29, update to version 25.0.7.29 or later.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bitdefender Antivirus Plus
Bitdefender Internet Security
Bitdefender Total Security