CVE-2020-7267

Published: May 8, 2020Modified: Nov 21, 2024

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Exploitability: 2.0 / Impact: 5.8

Source: NVD

Description

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Affected (14)

Products: Mcafee: Virusscan Enterprise

Mcafee

1 product

Virusscan Enterprise

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Mcafee Virusscan Enterprise	Version 8.8
Mcafee Virusscan Enterprise	Version 8.8 patch10
Mcafee Virusscan Enterprise	Version 8.8 patch11
Mcafee Virusscan Enterprise	Version 8.8 patch12
Mcafee Virusscan Enterprise	Version 8.8 patch13
Mcafee Virusscan Enterprise	Version 8.8 patch1
Mcafee Virusscan Enterprise	Version 8.8 patch2
Mcafee Virusscan Enterprise	Version 8.8 patch3
Mcafee Virusscan Enterprise	Version 8.8 patch4
Mcafee Virusscan Enterprise	Version 8.8 patch5
Mcafee Virusscan Enterprise	Version 8.8 patch6
Mcafee Virusscan Enterprise	Version 8.8 patch7
Mcafee Virusscan Enterprise	Version 8.8 patch8
Mcafee Virusscan Enterprise	Version 8.8 patch9

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-274

Improper Handling of Insufficient Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10316

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10316

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.