CVE-2024-13990
Published 2025-09-19
Priority P183 · critical · 9.3 · CVSS 4.0
ITW: VulnCheck KEV (Exploited in the wild)
EPSS: 0.57% (43.1th percentile)
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle (MitM) attack and substitute malicious update payloads for legitimate ones. The eScan AV client accepted these substituted packages and executed or loaded their components (including sideloaded DLLs and Java/installer payloads), enabling remote code execution on affected systems. MicroWorld eScan confirmed remediation of the update mechanism on 2023-07-31 but versioning details are unavailable. NOTE: MicroWorld eScan disputes the characterization in third-party reports, stating the issue relates to 2018–2019 and that controls were implemented then.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microworld_technologies | escan_av | — | — |
CVSS provenance
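| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vulncheck | — | 9.3 | CRITICAL | — |
| vendor_oracle | — | 9.8 | CRITICAL | — |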
GHSA
GHSA-5327-q2rh-5x5w
ghsa_unreviewed·2025-09-19
CVE-2024-13990 [CRITICAL] CWE-295 GHSA-5327-q2rh-5x5w
VulnCheck
Improper Certificate Validation
vulncheck·2024·CVSS 9.3
CVE-2024-13990 [CRITICAL] Improper Certificate Validation
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Quartz) — CVE-2019-13990
vendor_oracle·2024-04-15·CVSS 9.8
CVE-2019-13990 [CRITICAL] Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Quartz) — CVE-2019-13990
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Quartz) vulnerability
CVE: CVE-2019-13990
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2024 (APR 2024)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://arstechnica.com/security/2024/04/hackers-infect-users-of-antivirus-service-that-delivered-updates-over-http/
https://blog.avast.com/leading-the-charge-against-guptiminer
https://securityaffairs.com/162228/breaking-news/escan-antivirus-mitm-attack.html
https://thehackernews.com/2024/04/escan-antivirus-update-mechanism.html
https://www.bleepingcomputer.com/news/security/hackers-hijack-antivirus-updates-to-drop-guptiminer-malware/
https://www.escanav.com/en/about-us/eScan-update-advisory.asp
https://www.gendigital.com/blog/insights/research/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining
https://www.vulncheck.com/advisories/microworld-escan-av-insecure-update-mechanism-allows-mitm-replacement-of-updates