CVE-2020-28407
Summary
A vulnerability (CVE-2020-28407) has been identified in swtpm versions prior to 0.4.2 and 0.5.1. A local attacker can exploit this flaw by using a symlink attack against a temporary file to overwrite arbitrary files on the system.
IFF Assessment
FOE
This vulnerability allows local attackers to gain elevated privileges or cause denial of service by overwriting critical system files.
Severity
7.1
High
Defender Context
This vulnerability highlights the importance of secure handling of temporary files, especially in trusted computing environments like those using TPM emulation. Defenders should ensure systems are updated to patched versions of swtpm and monitor for any unusual file modification activities, particularly involving temporary file locations.