{"api_version":"1","generated_at":"2026-04-23T09:38:32+00:00","cve":"CVE-2020-13657","urls":{"html":"https://cve.report/CVE-2020-13657","api":"https://cve.report/api/cve/CVE-2020-13657.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-13657","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-13657"},"summary":{"title":"CVE-2020-13657","description":"An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-06-29 18:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://forum.avast.com/index.php?topic=232423.0","name":"https://forum.avast.com/index.php?topic=232423.0","refsource":"CONFIRM","tags":["Release Notes","Vendor Advisory"],"title":"Release history with notes (2020)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://forum.avast.com/index.php?topic=234638.0","name":"https://forum.avast.com/index.php?topic=234638.0","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"NEW Avast Version 20.4 (June 2020)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-13657","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13657","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"13657","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avast","cpe5":"avg_antivirus","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"free","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13657","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avast","cpe5":"avg_antivirus","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"free","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13657","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avast","cpe5":"free_antivirus","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13657","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avast","cpe5":"free_antivirus","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-13657","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://forum.avast.com/index.php?topic=234638.0","url":"https://forum.avast.com/index.php?topic=234638.0"},{"refsource":"CONFIRM","name":"https://forum.avast.com/index.php?topic=232423.0","url":"https://forum.avast.com/index.php?topic=232423.0"}]}},"nvd":{"publishedDate":"2020-06-29 18:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:avast:avg_antivirus:*:*:*:*:free:*:*:*","versionEndExcluding":"20.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:avast:free_antivirus:*:*:*:*:*:*:*:*","versionEndExcluding":"20.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"13657","Ordinal":"174844","Title":"CVE-2020-13657","CVE":"CVE-2020-13657","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"13657","Ordinal":"1","NoteData":"An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"13657","Ordinal":"2","NoteData":"2020-06-29","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"13657","Ordinal":"3","NoteData":"2020-06-29","Type":"Other","Title":"Modified"}]}}}