CVE-2020-10867: 
Avast Antivirus vulnerability analysis and mitigation

A security vulnerability (CVE-2020-10867) was discovered in Avast Antivirus versions prior to 20. The vulnerability specifically affects the aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe), allowing attackers to bypass intended access restrictions on tasks from an untrusted process when Self Defense is enabled (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-668 (Exposure of Resource to Wrong Sphere). This indicates that the vulnerability has network accessibility, requires low attack complexity, needs no privileges or user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

The vulnerability allows attackers to bypass intended access restrictions on tasks from an untrusted process, potentially compromising the security of the Avast Antivirus service. Given the CVSS score of 9.8, this vulnerability could lead to complete compromise of system confidentiality, integrity, and availability (NVD).

The vulnerability was addressed in Avast Antivirus version 20. Users should upgrade to version 20 or later to mitigate this security risk (NVD).