CVE-2020-8107 - OpenCVE

A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bitdefender	Antivirus Plus Internet Security Total Security

Configuration 1 [-]

OR	cpe:2.3:a:bitdefender:antivirus_plus::::::::
	cpe:2.3:a:bitdefender:internet_security::::::::
	cpe:2.3:a:bitdefender:total_security::::::::

No data.

References

Link	Providers
https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2022-02-18T08:20:11.896490Z

Updated: 2024-09-16T17:39:04.749Z

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8107

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-02-18T09:15:06.960

Modified: 2022-02-25T22:01:47.360

Link: CVE-2020-8107

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Antivirus Plus", "vendor": "Bitdefender", "versions": [{"lessThan": "24.0.26.136", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Internet Security", "vendor": "Bitdefender", "versions": [{"lessThan": "24.0.26.136", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Total Security", "vendor": "Bitdefender", "versions": [{"lessThan": "24.0.26.136", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "\uae40\ub3d9\ud604 - dsu.kr"}], "datePublic": "2022-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-114", "description": "CWE-114 Process Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-18T08:20:11", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709/"}], "solutions": [{"lang": "en", "value": "An automatic update to version 24.0.26.136 fixes the issue."}], "source": {"defect": ["VA-8709"], "discovery": "EXTERNAL"}, "title": "Process Control vulnerability in Bitdefender Antivirus Plus", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2022-02-18T10:00:00.000Z", "ID": "CVE-2020-8107", "STATE": "PUBLIC", "TITLE": "Process Control vulnerability in Bitdefender Antivirus Plus"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Antivirus Plus", "version": {"version_data": [{"version_affected": "<", "version_value": "24.0.26.136"}]}}, {"product_name": "Internet Security", "version": {"version_data": [{"version_affected": "<", "version_value": "24.0.26.136"}]}}, {"product_name": "Total Security", "version": {"version_data": [{"version_affected": "<", "version_value": "24.0.26.136"}]}}]}, "vendor_name": "Bitdefender"}]}}, "credit": [{"lang": "eng", "value": "\uae40\ub3d9\ud604 - dsu.kr"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-114 Process Control"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709/", "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709/"}]}, "solution": [{"lang": "en", "value": "An automatic update to version 24.0.26.136 fixes the issue."}], "source": {"defect": ["VA-8709"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:48:25.632Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709/"}]}]}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2020-8107", "datePublished": "2022-02-18T08:20:11.896490Z", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-09-16T17:39:04.749Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E714E3B-AA18-4E90-AA9B-39FE62249AD5", "versionEndExcluding": "24.0.26.136", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6C2171-1627-4E86-A1EF-52FA7D23A51C", "versionEndExcluding": "24.0.26.136", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "9627C4B1-8281-445E-9B9C-08C972B6B3CD", "versionEndExcluding": "24.0.26.136", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136."}, {"lang": "es", "value": "Una vulnerabilidad de Control de Procesos en ProductAgentUI.exe usado en Bitdefender Antivirus Plus permite a un atacante manipular la configuraci\u00f3n del producto por medio de un archivo DLL especialmente dise\u00f1ado. Este problema afecta a: Bitdefender Antivirus Plus versiones anteriores a 24.0.26.136. Bitdefender Internet Security versiones anteriores a 24.0.26.136. Bitdefender Total Security versiones anteriores a 24.0.26.136"}], "id": "CVE-2020-8107", "lastModified": "2022-02-25T22:01:47.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2022-02-18T09:15:06.960", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709/"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-114"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}