CVE-2020-11446
HIGHESET Antivirus and Antispyware Module 1553-1560 - Privilege Escalation via Hard Link Manipulation
Title source: llmDescription
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.eset.com/en/ca7489-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows
Scores
CVSS v3
7.8
EPSS
0.0036
EPSS Percentile
28.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-59
Status
published
Products (8)
eset/antivirus_and_antispyware
1553 - 1560
eset/endpoint_antivirus
eset/endpoint_security
eset/file_security
eset/internet_security
eset/mail_security
(4 CPE variants)
eset/nod32_antivirus
(2 CPE variants)
eset/smart_security
(3 CPE variants)
Published
Apr 29, 2020
Tracked Since
Feb 18, 2026