CVE-2020-8094
Published: 15 January 2025
Summary
CVE-2020-8094 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Bitdefender Antivirus 2020. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 8.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2020-8094 is an untrusted search path vulnerability (CWE-426) affecting the testinitsigs.exe component in Bitdefender Antivirus Free 2020. This flaw allows malicious code execution due to the executable searching for DLLs in untrusted directories before secure paths.
A low-privilege local attacker can exploit this vulnerability by placing a specially crafted DLL file in an untrusted search path location. When a user runs testinitsigs.exe, it loads the attacker's DLL instead of the legitimate one, enabling arbitrary code execution with SYSTEM privileges. The CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects requirements for local access, low attack complexity, no privileges, and user interaction, with high impacts on confidentiality, integrity, and availability.
Bitdefender has published security advisory VA-8422 detailing the untrusted search path vulnerability in Antivirus Free 2020, available at https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-antivirus-free-2020-va-8422/. Practitioners should consult this advisory for patch information and mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-29005
Vulnerability details
An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file.
- CWE(s): CWE-426 (Untrusted Search Path)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Untrusted search path in testinitsigs.exe directly enables DLL side-loading (T1574.002) by a local attacker placing a malicious DLL, resulting in arbitrary code execution and privilege escalation to SYSTEM (T1068).
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the untrusted search path flaw in testinitsigs.exe by identifying, reporting, and applying vendor-provided patches as specified in the Bitdefender advisory.
- Enforces secure configuration settings such as Windows SafeDllSearchMode to prioritize system directories over untrusted paths, preventing DLL loading from attacker-controlled locations.
- Requires the use of digitally signed DLL components from trusted sources, blocking the execution of malicious unsigned DLLs placed in untrusted search paths by testinitsigs.exe.
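As an added defender-side example, not part of this record or of Bitdefender's advisory, the following PowerShell audit checks the three things the controls above depend on: whether SafeDllSearchMode is in force on the host, whether the product directory is writable by broad low-privilege principals (the precondition for an untrusted search path), and whether every DLL beside the executable carries a valid Authenticode signature. The product directory is not given on this page, so `$ProductDir` is a placeholder that must be replaced with the real install path.

```powershell
# Added example (not Bitdefender's code): audit a host for the conditions that
# make a DLL search-order hijack possible. $ProductDir below is a placeholder.

function Get-DllSearchPolicy {
    # SafeDllSearchMode lives under Session Manager; when the value is absent
    # Windows treats it as enabled (1), so only an explicit 0 is a finding.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $safe  = 1
    if ($null -ne $props -and $null -ne $props.SafeDllSearchMode) {
        $safe = [int]$props.SafeDllSearchMode
    }
    # CWDIllegalInDllSearch (optional hardening) removes the current working
    # directory from the search order; $null means it is not configured.
    $cwd = $null
    if ($null -ne $props -and $null -ne $props.CWDIllegalInDllSearch) {
        $cwd = '0x{0:X8}' -f $props.CWDIllegalInDllSearch
    }
    [pscustomobject]@{
        SafeDllSearchMode     = $safe
        SafeDllSearchEnabled  = ($safe -eq 1)
        CWDIllegalInDllSearch = $cwd
    }
}

function Test-WorldWritableDirectory {
    param([Parameter(Mandatory)][string]$Directory)
    # Principals that any low-privilege local user belongs to. An Allow ACE
    # granting Write to one of these on the product directory is the
    # "untrusted search path" condition described in the advisory.
    $broad = @('BUILTIN\Users', 'Everyone',
               'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
    $acl = Get-Acl -Path $Directory -ErrorAction Stop
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broad -contains $_.IdentityReference.Value -and
        ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Write)
    }
}

function Test-DllSignatures {
    param([Parameter(Mandatory)][string]$Directory)
    # Report every DLL under the directory whose Authenticode signature does
    # not validate; an unsigned or tampered DLL beside the EXE is what a
    # planted search-order hijack looks like on disk.
    Get-ChildItem -Path $Directory -Filter '*.dll' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path   = $_.FullName
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        } |
        Where-Object { $_.Status -ne 'Valid' }
}

# Usage. Replace the placeholder with the directory that contains testinitsigs.exe.
$ProductDir = 'C:\PLACEHOLDER\Bitdefender'

Get-DllSearchPolicy | Format-List
if (Test-Path -Path $ProductDir) {
    Test-WorldWritableDirectory -Directory $ProductDir | Format-Table -AutoSize
    Test-DllSignatures -Directory $ProductDir | Format-Table -AutoSize
}
```

Run it from an elevated prompt so that `Get-Acl` can read the full DACL. An empty result from the second and third functions together with `SafeDllSearchEnabled = True` means the three mitigations listed above are in place on that host; any row returned is a concrete item to fix (tighten the ACL, replace or remove the unsigned DLL, or set SafeDllSearchMode back to 1).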