First published: Sun Sep 13 2020(Updated: )
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Avast Secureline Vpn | <5.6.4982.470 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this AVAST SecureLine VPN vulnerability is CVE-2020-25289.
The severity of CVE-2020-25289 is medium with a CVSS score of 5.5.
CVE-2020-25289 allows local users to write to arbitrary files on AVAST SecureLine VPN through a symbolic link from the log directory.
AVAST SecureLine VPN version up to exclusive 5.6.4982.470 is affected by CVE-2020-25289.
Yes, updating AVAST SecureLine VPN to version 5.6.4982.470 or later will fix CVE-2020-25289.