CVE-2020-10863 : Security Advisory and Response
Discover the impact of CVE-2020-10863 in Avast Antivirus before version 20, allowing attackers to trigger a shutdown via RPC from a Low Integrity process. Learn about mitigation steps and prevention measures.
An issue was discovered in Avast Antivirus before version 20, allowing attackers to trigger a shutdown via RPC from a Low Integrity process.
Understanding CVE-2020-10863
What is CVE-2020-10863?
The vulnerability exists in the Avast Antivirus software, specifically in the aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe).
The Impact of CVE-2020-10863
The vulnerability enables attackers to initiate a shutdown through RPC from a Low Integrity process using TempShutDownMachine.
Technical Details of CVE-2020-10863
Vulnerability Description
The issue lies in the Avast Antivirus software's RPC endpoint, allowing unauthorized shutdown commands.
Affected Systems and Versions
- Product: Avast Antivirus
- Versions: Before version 20
Exploitation Mechanism
Attackers can exploit this vulnerability by sending malicious RPC requests from a Low Integrity process.
Mitigation and Prevention
Immediate Steps to Take
- Update Avast Antivirus to the latest version.
- Monitor for any unauthorized shutdown attempts.
Long-Term Security Practices
- Implement least privilege access controls.
- Regularly review and update security configurations.
Patching and Updates
Ensure timely installation of security patches and updates for Avast Antivirus.