CVE-2020-10866: 
Avast Antivirus vulnerability analysis and mitigation

An issue was discovered in Avast Antivirus before version 20. The vulnerability affects the aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe), which allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC. The vulnerability was disclosed on April 1, 2020, and is tracked as CVE-2020-10866 (NVD).

The vulnerability has a CVSS v3.1 Base Score of 7.5 HIGH with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The issue is related to the aswTask RPC endpoint functionality in the Avast Service (AvastSvc.exe) component, which improperly allows low-privileged processes to access network interface information. The vulnerability is associated with CWE-326 (Inadequate Encryption Strength) (NVD).

The vulnerability allows attackers to enumerate network interfaces and access points from a Low Integrity process through RPC calls. This could potentially expose sensitive network configuration information to unauthorized users or processes (Github Disclosure).

The vulnerability was fixed in Avast Antivirus version 20. Users should upgrade to version 20 or later to mitigate this security issue (NVD).