CVE-2020-15732

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name	Vendor	Start Version	End Version
Antivirus_plus	Bitdefender	*	25.0.7.29 (excluding)
Internet_security	Bitdefender	*	25.0.7.29 (excluding)
Total_security	Bitdefender	*	25.0.7.29 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/459.html
https://cwe.mitre.org/data/definitions/475.html

References

https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957
https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-15732
CWE	https://cwe.mitre.org/data/definitions/295.html

Improper Certificate Validation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References