Lucene search

MitreCVE-2020-25289

HistorySep 13, 2020 - 8:15 p.m.

CVE-2020-25289

2020-09-1320:15:10

CWE-59

mitre

web.nvd.nist.gov

cve-2020-25289

vpn service

avast secureline

vulnerability

file write

object manager symbolic link

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).

Affected configurations

Nvd

Node

avastsecureline_vpnRange<5.6.4982.470

VendorProductVersionCPE
avastsecureline_vpn*cpe:2.3:a:avast:secureline_vpn:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avast	secureline_vpn	*	cpe:2.3:a:avast:secureline_vpn::::::::

References

zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-25289