CVE-2020-12463

EUVD-2020-4772
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
avirasoftware_updater
𝑥
< 2.0.6.27476
𝑥
= Vulnerable software versions
References
https://support.avira.com/hc/en-us/articles/360000142857-Avira-Software-Updater
https://support.avira.com/hc/en-us/articles/360000142857-Avira-Software-Updater