CVE-2020-7266

Published: May 8, 2020Modified: Nov 21, 2024

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Exploitability: 2.0 / Impact: 5.8

Source: NVD

Description

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Affected (2)

Products: Mcafee: Virusscan Enterprise

1 product

Virusscan Enterprise

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mcafee Virusscan Enterprise	From 1.9.0 to 1.9.2
Mcafee Virusscan Enterprise	From 2.0.0 to 2.0.3

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Improper Handling of Insufficient Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10316

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10316

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.