CVE-2020-8987
First published: Mon Mar 09 2020(Updated: )
Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.)
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avast AntiTrack | <1.5.1.172 | |
| Avast Avg Antitrack | <2.0.0.178 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-8987.
What is the affected software?
The affected software includes Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178.
What is the severity of CVE-2020-8987?
The severity of CVE-2020-8987 is high with a CVSS score of 7.4.
What is the impact of this vulnerability?
This vulnerability allows a man-in-the-middle to host a malicious website using a self-signed certificate.
How can the vulnerability be fixed?
To fix this vulnerability, it is recommended to update Avast AntiTrack to version 1.5.1.172 or higher, and AVG Antitrack to version 2.0.0.178 or higher.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/avast
- canonical/avast antitrack
- canonical/avast avg antitrack