CVE-2020-13657

EUVD-2020-5898
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Affected Products (NVD)
VendorProductVersion
avastavg_antivirus
𝑥
< 20.4
avastfree_antivirus
𝑥
< 20.4
𝑥
= Vulnerable software versions
References
https://forum.avast.com/index.php?topic=232423.0
https://forum.avast.com/index.php?topic=234638.0
https://forum.avast.com/index.php?topic=232423.0
https://forum.avast.com/index.php?topic=234638.0