Shodan
Vulnerabilities
Vulnerable Software
Avast:  >> Antivirus  >> 17.3.2291  Security Vulnerabilities
CVE-2020-10865
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-04-01
CVE-2020-10866
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-04-01
CVE-2020-10864
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-04-01
CVE-2020-10860
An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe).
CVSS Score
7.5
EPSS Score
0.006
Published
2020-04-01
CVE-2020-10861
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-04-01
CVE-2020-10862
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-04-01
CVE-2020-10863
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-04-01
CVE-2019-17093
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-10-23
CVE-2019-11230
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart.
CVSS Score
4.4
EPSS Score
0.001
Published
2019-07-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved