PT-2020-12614 · Eset · Eset Antivirus/Antispyware Module

Khang Kì Tổ

Published

2020-04-29

Updated

2021-07-21

CVE-2020-11446

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ESET Antivirus and Antispyware Module versions 1553 through 1560

Description The issue allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.

Recommendations For ESET Antivirus and Antispyware Module versions 1553 through 1560, consider restricting access to the affected directories to prevent users with limited access rights from creating hard links, until a patch is available.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2020-11446

Affected Products

Eset Antivirus/Antispyware Module

PT-2020-12614 · Eset · Eset Antivirus/Antispyware Module

CVE-2020-11446

Weakness Enumeration

Related Identifiers

Affected Products

References · 4