CVE-2020-10180

9.8 CRITICAL

📋 TL;DR

This vulnerability allows an attacker to bypass ESET malware detection by placing malware inside a BZ2 (bzip2) archive whose checksum (CRC) fields have been manipulated: the archive support module does not detect the embedded payload in such an archive. It affects ESET security products across Windows, macOS, Android, Linux and smart TVs, since they all share the same archive support module.

💻 Affected Systems

Products:
  • Smart Security Premium
  • Internet Security
  • NOD32 Antivirus
  • Cyber Security Pro (macOS)
  • Cyber Security (macOS)
  • Mobile Security for Android
  • Smart TV Security
  • NOD32 Antivirus 4 for Linux Desktop
Versions: Archive support module before 1294 (1294 is a module version delivered through regular updates, not a product version)
Operating Systems: Windows, macOS, Android, Linux, Smart TV OS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Archive scanning is enabled by default and the flaw is in the shared archive support module, so the product name and platform do not matter; only the module version does.

📦 What is this software?

ESET is a security vendor whose endpoint products (NOD32 Antivirus, Internet Security, Smart Security Premium and the macOS, Android, Linux and smart-TV variants listed above) share one scanning engine plus a set of separately updated modules. The archive support module is the component that unpacks compressed formats such as BZ2 so that their contents can be scanned; it is the component fixed by this advisory.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malware delivered inside a crafted BZ2 archive is not flagged on arrival. The bypass itself grants no privileges: once a user or an automated process extracts and runs the payload, it executes with that account's rights, which on a loosely configured endpoint can lead to full system compromise, data theft or ransomware deployment.

🟠

Likely Case

Targeted attackers bypass antivirus protection to deliver malware payloads that would normally be detected, enabling persistent access or data exfiltration.

🟢

If Mitigated

With the archive support module updated to 1294 or later, crafted archives are handled correctly. Where the update has not yet landed, other layers (mail and web gateway scanning, application control, EDR, real-time file scanning of the extracted payload) can still catch the malware before it causes significant damage.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only that the attacker produce a BZ2 archive with altered checksum fields and deliver it to the target (for example as a mail attachment or download). No authentication or interaction with ESET itself is needed; the remaining work for the attacker is getting the payload extracted and executed on the endpoint.
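
The following Python is added here as an example; it is not ESET's code and is not taken from the advisory. It shows what "manipulated checksum fields" means in a bzip2 stream (the 32-bit block CRC sits at a fixed offset in the first block header, and changing it leaves the compressed data fully decodable) and contrasts a scanner that fails open on a checksum error, which is the flaw class, with one that fails closed. The payload, the marker string standing in for a malware signature and the two scanner functions are constructed for illustration; the field offsets and CRC parameters are those of the bzip2 format itself. The fail-closed check is also the practical test for the "archive files with modified checksums" indicator listed under Detection & Monitoring.

```python
"""Added example (not ESET's code): tampering with bzip2 checksum fields and
fail-open versus fail-closed archive scanning. Offsets and CRC parameters are
those of the bzip2 stream format; scanners and test data are constructed."""
import bz2
import struct

BLOCK_MAGIC = bytes.fromhex("314159265359")              # 48-bit block header magic
STREAM_HEADER_LEN = 4                                      # b"BZh" + level digit
BLOCK_CRC_OFFSET = STREAM_HEADER_LEN + len(BLOCK_MAGIC)    # first block CRC at byte 10

# Constructed test data: a harmless marker standing in for a malware signature.
MARKER = b"HARMLESS-TEST-MARKER-FOR-CVE-2020-10180-EXAMPLE"
PAYLOAD = b"some archive content\n" * 20 + MARKER + b"\n"


def bz2_crc32(data: bytes) -> int:
    """CRC-32 as used by bzip2: poly 0x04C11DB7, MSB-first (not reflected),
    init 0xFFFFFFFF, final XOR 0xFFFFFFFF. This is NOT zlib.crc32."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            if crc & 0x80000000:
                crc = ((crc << 1) ^ 0x04C11DB7) & 0xFFFFFFFF
            else:
                crc = (crc << 1) & 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF


def stored_block_crc(stream: bytes) -> int:
    """Read the big-endian 32-bit CRC stored in the first block header."""
    if stream[:3] != b"BZh" or stream[STREAM_HEADER_LEN:BLOCK_CRC_OFFSET] != BLOCK_MAGIC:
        raise ValueError("not a bzip2 stream with a leading block")
    return struct.unpack(">I", stream[BLOCK_CRC_OFFSET:BLOCK_CRC_OFFSET + 4])[0]


def tamper_block_crc(stream: bytes, new_crc: int) -> bytes:
    """Return a copy with the first block's stored CRC replaced. The compressed
    data is untouched, so the block still decodes but its CRC no longer verifies."""
    stored_block_crc(stream)  # validates the layout before we patch it
    patched = struct.pack(">I", new_crc & 0xFFFFFFFF)
    return stream[:BLOCK_CRC_OFFSET] + patched + stream[BLOCK_CRC_OFFSET + 4:]


def scan_fail_open(stream: bytes, signature: bytes) -> str:
    """Model of the flaw class: a decode error (libbz2 reports a CRC mismatch as
    a data error) makes the scanner give up and report the archive as clean."""
    try:
        content = bz2.decompress(stream)
    except OSError:
        return "clean"
    return "malicious" if signature in content else "clean"


def scan_fail_closed(stream: bytes, signature: bytes) -> str:
    """Hardened behaviour: an archive whose checksum does not verify is reported
    as unscannable, never as clean; block/quarantine policy is decided upstream."""
    try:
        content = bz2.decompress(stream)
    except OSError:
        return "unscannable"
    return "malicious" if signature in content else "clean"


def demo() -> dict:
    """Build a clean archive, corrupt its block CRC, and scan both ways."""
    original = bz2.compress(PAYLOAD)                     # small input: a single block
    tampered = tamper_block_crc(original, stored_block_crc(original) ^ 0xDEADBEEF)
    return {
        # for a single-block stream the stored block CRC is the CRC of the payload
        "crc_matches_content": bz2_crc32(PAYLOAD) == stored_block_crc(original),
        "original": scan_fail_closed(original, MARKER),
        "tampered_fail_open": scan_fail_open(tampered, MARKER),
        "tampered_fail_closed": scan_fail_closed(tampered, MARKER),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block prints that the untampered archive is detected, that the fail-open scanner reports the tampered copy as clean, and that the fail-closed scanner reports it as unscannable. The design point is the last verdict: a gateway or endpoint scanner has no way to tell a corrupt download from a deliberately altered CRC, so anything it cannot verify must be routed to quarantine or sandboxing rather than passed through as clean. The tamper only touches the first block's CRC; the combined CRC at the end of the stream is bit-aligned and would need a bit-level parser to locate, but a single mismatching field is already enough to make libbz2 reject the stream.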

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Archive support module 1294 or later (delivered through the normal module update channel; no product reinstall is required)

Vendor Advisory: https://support.eset.com/en/ca7489

Restart Required: Yes

Instructions:

1. Open the ESET security product.
2. Navigate to the Update section.
3. Click 'Check for updates'.
4. Install all available updates (this pulls in the archive support module update).
5. Restart the system when prompted.

🔧 Temporary Workarounds

Disable archive scanning (not recommended)

Platforms: all

The originally suggested workaround is to disable scanning of BZ2 archives while waiting for patch deployment. Be aware that this does not close the gap: the flaw already lets a crafted BZ2 archive through unscanned, so turning BZ2 scanning off only extends the same blind spot to every BZ2 archive. Until the module update arrives, rely instead on real-time file system protection, which scans the payload when it is written or executed after extraction, and on the compensating controls below.

Specific settings vary by ESET product and platform; consult ESET documentation for your specific product.

🧯 If You Can't Patch

  • Deploy network-based malware detection at mail and web gateways to catch malicious archives before they reach endpoints, and treat BZ2 archives that fail checksum verification as suspicious rather than clean
  • Implement application whitelisting (allow-listing) so that a payload extracted from an undetected archive still cannot execute

🔍 How to Verify

Check if Vulnerable:

Check the version of the Archive support module (not the product version) in the application interface. If the module version is below 1294, the system is vulnerable regardless of product version.

Check Version:

Windows: Open the ESET GUI → Help and support → About; the installed components list shows the Archive support module version. macOS: ESET menu → About ESET Cyber Security, then check the installed components. Linux: eset_gui → Help → About. On each platform the line to look for is "Archive support module".

Verify Fix Applied:

Verify that the Archive support module version is 1294 or higher, then run a full system scan (with archive scanning enabled) to confirm the detection engine is functioning properly.

📡 Detection & Monitoring

Log Indicators:

  • Archive scans of BZ2 files that are reported as failed, skipped or completed without inspecting the contents
  • Unusual file access or process creation shortly after a BZ2 archive is extracted
  • Scanner errors or restarts logged while handling BZ2 archives

Network Indicators:

  • Unusual BZ2 archive downloads or attachments from suspicious sources
  • BZ2 archives whose stored CRC fields do not verify against their decompressed content; a legitimately corrupt download is possible, but a CRC mismatch combined with an executable inside the archive is a strong signal

SIEM Query:

source="eset_logs" AND (event="scan_skipped" OR event="engine_error") AND file_extension="bz2"

The source, event and field names above are illustrative. Map them to the schema of your ESET management console's syslog/CEF export (or whatever collector ingests ESET logs) before deploying the rule.

🔗 References

  • ESET customer advisory: https://support.eset.com/en/ca7489
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-10180
