Lucene search

MitreCVE-2020-15024

HistorySep 10, 2020 - 6:15 p.m.

CVE-2020-15024

2020-09-1018:15:12

CWE-459

CWE-212

mitre

web.nvd.nist.gov

security

avast antivirus

vulnerability

password manager

cve-2020-15024

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

12.6%

JSON

An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.

Affected configurations

Nvd

Node

avastantivirusMatch20.1.5069.562

VendorProductVersionCPE
avastantivirus20.1.5069.562cpe:2.3:a:avast:antivirus:20.1.5069.562:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avast	antivirus	20.1.5069.562	cpe:2.3:a:avast:antivirus:20.1.5069.562:::::::*

References

nestedif.com/avast-antivirus-password-manager-vulnerability-improper-session-handling-leading-to-information-disclosure-advisory/

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-15024