Lucene search

[email protected]CVE-2020-10193

HistoryMar 06, 2020 - 8:15 p.m.

CVE-2020-10193

2020-03-0620:15:12

CWE-436

[email protected]

web.nvd.nist.gov

eset

archive support module

virus detection

bypass

rar compression information

security

cve-2020-10193

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.9%

JSON

ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.

Affected configurations

NVD

Node

esetcyber_securityRange<1294macos

esetinternet_securityRange<1294

esetmobile_securityRange<1294android

esetmobile_securityMatch1294

esetnod32_antivirusRange<4linux

esetnod32_antivirusRange<1294

esetsmart_securityRange<1294premium

esetsmart_tv_securityRange<1294

CPENameOperatorVersion
eset:cyber_securityeset cyber securitylt1294
eset:internet_securityeset internet securitylt1294
eset:mobile_securityeset mobile securitylt1294
eset:nod32_antiviruseset nod32 antiviruslt4
eset:nod32_antiviruseset nod32 antiviruslt1294
eset:smart_securityeset smart securitylt1294
eset:smart_tv_securityeset smart tv securitylt1294

CPE	Name	Operator	Version
eset:cyber_security	eset cyber security	lt	1294
eset:internet_security	eset internet security	lt	1294
eset:mobile_security	eset mobile security	lt	1294
eset:nod32_antivirus	eset nod32 antivirus	lt	4
eset:nod32_antivirus	eset nod32 antivirus	lt	1294
eset:smart_security	eset smart security	lt	1294
eset:smart_tv_security	eset smart tv security	lt	1294

References

blog.zoller.lu/p/from-low-hanging-fruit-department_13.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.9%

JSON

Related for CVE-2020-10193

prion1 nvd1 cvelist1