________________________________________________________________________
From the low-hanging-fruit-department
AVIRA Generic Malformed Container bypass (ISO Container)
________________________________________________________________________
Release mode : Coordinated disclosure / Vendor does not disclose
CVE : CVE-2020-9320
Ref : [TZO-19-2020] - AVIRA Generic AV Bypass (ISO Container)
Vendor : AVIRA
Status : PATCHED - Engine version 8.3.54.138.
CVE : none provided,
Vulnerability Dislosure Policy: https://caravelahq.com/b/policy/20949
Affected Products
=================
AV Engine below 8.3.54.138
All Avira products :
- Avira Antivirus Server
- Avira Antivirus for Endpoint
- Avira Antivirus for Small Business
- Avira Exchange Security (Gateway)
- Avira Internet Security Suite for Windows
- Avira Prime
- Avira Free Security Suite for Windows
- Cross Platform Anti-malware SDK
Attention:
can reach out to me to retreive the POC in order to test.
AVIRA OEM Partners:
- F-Secure
- Sophos
- Barracude
- Alibaba Cloud Security
- Check Point
- CUJO AI
- TP-Link
- FujiSoft
- AWS
- Rohde and Schwarz
- Careerbuilder
- Huawei
- Dracoon
- Total Availability
- FixMeStick
- APPVISORY
- Tabidus
- Cyren
Source :
https://oem.avira.com/en/partnership/our-partners
I. Background
----------------------------
and online privacy—ranging from antivirus to VPN and cleanup technologies.
Avira has the Trust Seal or the
http://www.teletrust.de/itsmig/
II. Description
----------------------------
III. Impact
----------------------------
It bypasses Avira perimeter defenses and sheduled AV scans.
or Exfiltration/Pivot Server).
this advisory I provide a link to my 2009 blog post
http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html
IV. Patch / Advisory
----------------------------
PATCHED - Engine version 8.3.54.138.
V. Disclosure timeline
----------------------------
How Avira handled these reports in 2009 :
https://blog.zoller.lu/2009/04/avira-antivir-generic-cab-bypass.html
28 NOV 2019
Submitted the Vulnerabiltiy Details
04 DEC 2019
AVIRA releases a patch but doesn't inform the public and/or customers.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/