CVE-2020-15732

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
BitdefenderCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
bitdefenderantivirus_plus
𝑥
< 25.0.7.29
bitdefenderinternet_security
𝑥
< 25.0.7.29
bitdefendertotal_security
𝑥
< 25.0.7.29
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957
https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957