Link following in G DATA Internet Security - #VU48782

 


Published: December 4, 2020


Vulnerability identifier: #VU48782
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-59
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
G DATA Internet Security
Software vendor:
G DATA CyberDefense AG

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the application follows symbolic links when restoring files. A local user can create a specially crafted file that points to a critical file on the system and abuse the file restore mechanism to overwrite arbitrary files on the system.

Successful exploitation of the vulnerability may allow privilege escalation.
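
A restore routine that refuses to write through a link (the CWE-59 pattern described above), as an added example that is not G DATA's code. It is illustrated with POSIX calls in Python; `restore_file`, `UnsafeRestoreTarget` and the sample files are hypothetical names constructed for the illustration.

```python
import errno
import os
import stat
import tempfile


class UnsafeRestoreTarget(Exception):
    """The restore destination is a link or not a plain file."""


def restore_file(data: bytes, dest_path: str) -> None:
    """Write restored bytes to dest_path without following a link placed there."""
    # O_NOFOLLOW makes open() fail if the final path component is a symlink.
    # No O_TRUNC here: nothing is modified until the opened object is checked.
    flags = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW
    try:
        fd = os.open(dest_path, flags, 0o600)
    except OSError as exc:
        if exc.errno in (errno.ELOOP, errno.EMLINK):
            raise UnsafeRestoreTarget(f"{dest_path} is a symbolic link") from exc
        raise
    with os.fdopen(fd, "wb") as out:  # closes fd on exit
        st = os.fstat(out.fileno())
        # Reject devices, FIFOs, and files that have extra hard links.
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise UnsafeRestoreTarget(f"{dest_path} is not a private regular file")
        out.truncate(0)
        out.write(data)


def demo() -> dict:
    """Constructed scenario: a symlink sits where the restored file should go."""
    with tempfile.TemporaryDirectory() as tmp:
        critical = os.path.join(tmp, "critical.cfg")
        with open(critical, "w") as f:
            f.write("original")
        planted = os.path.join(tmp, "restored.txt")
        os.symlink(critical, planted)
        try:
            restore_file(b"restored data", planted)
            blocked = False
        except UnsafeRestoreTarget:
            blocked = True
        with open(critical) as f:
            untouched = f.read() == "original"
        clean = os.path.join(tmp, "clean.txt")
        restore_file(b"restored data", clean)
        with open(clean, "rb") as f:
            restored = f.read()
    return {"blocked": blocked, "untouched": untouched, "restored": restored}
```

`O_NOFOLLOW` only covers the final path component, so a link in a parent directory of the restore path needs separate handling.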


Remediation

Install updates from the vendor's website.
