CVE-2020-9320

Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product

Published: Feb 20, 2020
Updated: Nov 8, 2023
CVE: CVE-2020-9320
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
avira / avira_free_security_suite	-	8.3.54.138
avira / avira_internet_security_suite	-	8.3.54.138
avira / avira_exchange_security	-	8.3.54.138
avira / avira_antivirus_for_small_business	-	8.3.54.138
avira / avira_prime	-	8.3.54.138
avira / avira_antivirus_for_endpoint	-	8.3.54.138
avira / antivirus_server	-	8.3.54.138
avira / anti-malware_sdk	-	8.3.54.138

Vulnerability Database

289,697

CVE-2020-9320