| CVE ID | CVE-2020-8095 |
| CVSS SCORE | 6.1, AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H |
| AFFECTED VENDORS |
Bitdefender |
| AFFECTED PRODUCTS |
Total Security |
| VULNERABILITY DETAILS |
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of BitDefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of junctions. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. |
| ADDITIONAL DETAILS |
Bitdefender has issued an update to correct this vulnerability. More details can be found at:
https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021/ |
| DISCLOSURE TIMELINE |
|
| CREDIT | Nabeel Ahmed of Dimension Data Belgium |
