cpe:2.3:a:microworld_technologies:escan_av:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Microworld Technologies (dded6eb5-b6d1-56da-a61c-d294d6c45a17) |
|---|---|
| Product | Escan Av (4e116519-fdcb-5a78-a943-b82cdb22388a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-13990 | vulnerable | 2026-06-08 06:25:38.840857 | MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates | Imported from gcve-enriched-dumps CVE data |

MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle (MitM) attack and substitute malicious update payloads for legitimate ones. The eScan AV client accepted these substituted packages and executed or loaded their components (including sideloaded DLLs and Java/installer payloads), enabling remote code execution on affected systems. MicroWorld eScan confirmed remediation of the update mechanism on 2023-07-31 but versioning details are unavailable. NOTE: MicroWorld eScan disputes the characterization in third-party reports, stating the issue relates to 2018–2019 and that controls were implemented then.

Published: 2025-09-19T18:54:08.729Z

Updated: 2025-11-19T15:58:41.454Z