PT-2020-14108 · Iobit · Iobit Advanced Systemcare

Daniel Gebert

Published

2020-06-22

Updated

2021-07-21

CVE-2020-14990

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions IOBit Advanced SystemCare Free version 13.5.0.263

Description The issue allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature. This is achieved through the use of an NTFS junction and an Object Manager symbolic link.

Recommendations For IOBit Advanced SystemCare Free version 13.5.0.263, consider restricting access to the Clean & Optimize feature until a patch is available. As a temporary workaround, avoid using the Clean & Optimize feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2020-14990

Affected Products

Iobit Advanced Systemcare

PT-2020-14108 · Iobit · Iobit Advanced Systemcare

CVE-2020-14990

Weakness Enumeration

Related Identifiers

Affected Products

References · 4