CVE-2020-13657

An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
avastavg_antivirus
𝑥
< 20.4
avastfree_antivirus
𝑥
< 20.4
𝑥
= Vulnerable software versions
References
https://forum.avast.com/index.php?topic=232423.0
https://forum.avast.com/index.php?topic=234638.0
https://forum.avast.com/index.php?topic=232423.0
https://forum.avast.com/index.php?topic=234638.0