Login Sign Up

CVE-2020-10860

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in Avast Antivirus allows attackers to overwrite arbitrary memory addresses in the aswAvLog logging library, causing denial of service to the Avast Service (AvastSvc.exe). It affects Avast Antivirus users running versions before 20. The vulnerability can be exploited locally to crash the antivirus service.

💻 Affected Systems

Products:
  • Avast Antivirus
Versions: All versions before 20
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the core Avast service component that runs with system privileges.

📦 What is this software?

Antivirus by Avast

View all CVEs affecting Antivirus →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service of Avast antivirus protection, potentially allowing malware to execute without detection while the service is down.

🟠

Likely Case

Local denial of service attack that crashes the Avast service, temporarily disabling antivirus protection until system restart.

🟢

If Mitigated

Minimal impact if patched; antivirus continues to function normally with proper memory protections.

🌐 Internet-Facing: LOW - This appears to be a local vulnerability requiring access to the system.
🏢 Internal Only: MEDIUM - Local attackers or malware could exploit this to disable antivirus protection.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. Proof of concept code is available in public disclosures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 20 and later

Vendor Advisory: https://forum.avast.com/index.php?topic=232420.0

Restart Required: Yes

Instructions:

1. Open Avast Antivirus. 2. Go to Menu → Settings → Update. 3. Click 'Update' to check for updates. 4. Install any available updates. 5. Restart your computer when prompted.

🔧 Temporary Workarounds

Disable Avast Service (Not Recommended)

windows

Temporarily disable the Avast service to prevent exploitation, but this leaves the system unprotected.

sc stop AvastSvc
sc config AvastSvc start= disabled

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local access to systems
  • Monitor for Avast service crashes and investigate any unexpected service terminations

🔍 How to Verify

Check if Vulnerable:

Check Avast version in the application or via 'wmic product where name="Avast Antivirus" get version'

Check Version:

wmic product where name="Avast Antivirus" get version

Verify Fix Applied:

Verify Avast version is 20.0.0 or higher and check that AvastSvc.exe is running normally

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes of AvastSvc.exe in Windows Event Logs
  • Application errors related to aswAvLog.dll

Network Indicators:

  • No specific network indicators as this is a local vulnerability

SIEM Query:

EventID=1000 OR EventID=1001 AND ProcessName="AvastSvc.exe"

📊 Metadata

CVE ID: CVE-2020-10860
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
Published: April 1, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-10860, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)