Severity Rating: High
Systems Affected
· Bitdefender Total Security 2020 versions prior to 24.0.20.116
Overview
A vulnerability has been reported in Bitdefender Total Security 2020 that
could allow a remote attacker to execute arbitrary code on the targeted
system.
Description
This vulnerability exists due to insufficient URL sanitization and
validation in the Safepay browser component of Bitdefender Total Security 2020.
A remote attacker could exploit this vulnerability by enticing an
unsuspecting victim to visit a specially crafted web page, and could then
execute arbitrary commands inside the Safepay Utility process.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the targeted system.
Best Practices
Users are urged not to visit untrusted websites or follow links provided
by unknown or untrusted sources.
Apply the Principle of Least Privilege to all systems and services.
Solution
Upgrade to Bitdefender Total Security 2020 version 24.0.20.116.
Vendor Information
Bitdefender
https://www.bitdefender.com/support/security-advisories/insufficient-url-sanitization-validation-safepay-browser-va-8631/
References
Bitdefender
https://www.bitdefender.com/support/security-advisories/insufficient-url-sanitization-validation-safepay-browser-va-8631/
CISecurity
https://www.cisecurity.org/advisory/a-vulnerability-in-bitdefender-safepay-could-allow-for-remote-code-execution_2020-085/
CVE Name
CVE-2020-8631
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks, and the patching required to mitigate cyber attacks.