CVE-2020-12463

An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
avirasoftware_updater
𝑥
< 2.0.6.27476
𝑥
= Vulnerable software versions
References
https://support.avira.com/hc/en-us/articles/360000142857-Avira-Software-Updater
https://support.avira.com/hc/en-us/articles/360000142857-Avira-Software-Updater