CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-25289

The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.4%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 2.1

References

http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Products affected by CVE-2020-25289

Avast » Secureline Vpn » Version: N/A

cpe:2.3:a:avast:secureline_vpn:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25289

Products

Pricing

Contact Us