SB2020082304 - Privilege escalation in G DATA Internet Security
Published: August 23, 2020 Updated: December 4, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Link following (CVE-ID: N/A)
CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the application follows symbolic links when restoring files. A local user can create a specially crafted file that points to a critical file on the system and abuse the file restore mechanism to overwrite arbitrary files on the system.
Successful exploitation of the vulnerability may allow privilege escalation.
Remediation
Install update from vendor's website.