CVE-2020-25289
First published: Sun Sep 13 2020(Updated: )
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avast Secureline Vpn | <5.6.4982.470 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this AVAST SecureLine VPN vulnerability?
The vulnerability ID for this AVAST SecureLine VPN vulnerability is CVE-2020-25289.
What is the severity of CVE-2020-25289?
The severity of CVE-2020-25289 is medium with a CVSS score of 5.5.
How does CVE-2020-25289 impact AVAST SecureLine VPN?
CVE-2020-25289 allows local users to write to arbitrary files on AVAST SecureLine VPN through a symbolic link from the log directory.
Which version of AVAST SecureLine VPN is affected by CVE-2020-25289?
AVAST SecureLine VPN version up to exclusive 5.6.4982.470 is affected by CVE-2020-25289.
Is there a fix available for CVE-2020-25289?
Yes, updating AVAST SecureLine VPN to version 5.6.4982.470 or later will fix CVE-2020-25289.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/avast
- canonical/avast secureline vpn