Avg Antivirus
CVE-2020-13657
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files.
AnalysisAI
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files. Affected products include: Avast Avg Antivirus, Avast Free Antivirus. Version information: before 20.4.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Avg Antivirus
View allA vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write acces
Local code execution and denial-of-service in Gen Digital antivirus engines (Avast, AVG, Norton, Avast One, Avast Busine
Local code execution or antivirus-process denial-of-service in Gen Digital's shared scanning engine (Avast Antivirus, AV
Out-of-bounds heap read in the Gen Digital antivirus scanning engine (Avast, AVG, Norton, Avast One, Avast Business) all
Heap out-of-bounds write in Gen Digital's shared antivirus scanning engine allows local code execution or denial of serv
A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. Rated high severity (C
Stack overflow in Gen Digital's shared antivirus scanning engine crashes the AV process when it parses a malformed Offic
Stack overflow via uncontrolled recursion crashes the antivirus scanning process across all Gen Digital consumer and bus
Stack use-after-free in the Gen Digital shared antivirus scanning engine crashes the antivirus process when it parses a
Uncontrolled recursion in the Gen Digital shared scanning engine crashes the antivirus process when it encounters a spec
The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today