CVE-2020-11446
First published: Wed Apr 29 2020(Updated: )
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ESET Antivirus and Antispyware | >=1553<=1560 | |
| Eset Endpoint Antivirus | ||
| Eset Endpoint Security | ||
| Eset File Security | ||
| ESET Internet Security | ||
| Eset Mail Security | ||
| Eset Mail Security | ||
| Eset Mail Security | ||
| Eset Mail Security | ||
| Eset Nod32 Antivirus | ||
| Eset Nod32 Antivirus | ||
| ESET Smart Security | ||
| ESET Smart Security | ||
| ESET Smart Security |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-11446?
CVE-2020-11446 is a vulnerability that allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be writable by the user, thus achieving privilege escalation.
Which versions of ESET Antivirus and Antispyware are affected by CVE-2020-11446?
Versions 1553 through 1560 of ESET Antivirus and Antispyware are affected by CVE-2020-11446.
How can an attacker exploit CVE-2020-11446?
An attacker with limited access rights can exploit CVE-2020-11446 by creating hard links in ESET directories and then forcing the product to write through these links into files that would normally not be writable by the user.
What is the severity of CVE-2020-11446?
The severity of CVE-2020-11446 is high, with a CVSS score of 7.8.
How can I fix CVE-2020-11446?
To fix CVE-2020-11446, users should update their ESET products for Windows to the latest version as provided by the vendor.
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/eset
- canonical/eset antivirus and antispyware
- version/eset antivirus and antispyware/1553
- version/eset antivirus and antispyware/1560
- canonical/eset endpoint antivirus
- canonical/eset endpoint security
- canonical/eset file security
- canonical/eset internet security
- canonical/eset mail security
- canonical/eset nod32 antivirus
- canonical/eset smart security