CVE-2020-10180
moderate-risk
Published 2020-03-05
The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
Do I need to act?
-
0.47% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (8)
Cyber Security
Cyber Security
Mobile Security
Nod32 Antivirus
Nod32 Antivirus
Smart Security
Smart Security
Smart Tv Security
Affected Vendors
References (2)
Third Party Advisory
https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html
Third Party Advisory
https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html
48
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
14/34 · Moderate