CVE-2020-7280

Published: Jun 10, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.

Affected (15)

Products: Mcafee: Virusscan Enterprise

Mcafee

1 product

Virusscan Enterprise

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Mcafee Virusscan Enterprise	Version 8.8
Mcafee Virusscan Enterprise	Version 8.8 patch10
Mcafee Virusscan Enterprise	Version 8.8 patch11
Mcafee Virusscan Enterprise	Version 8.8 patch12
Mcafee Virusscan Enterprise	Version 8.8 patch13
Mcafee Virusscan Enterprise	Version 8.8 patch14
Mcafee Virusscan Enterprise	Version 8.8 patch1
Mcafee Virusscan Enterprise	Version 8.8 patch2
Mcafee Virusscan Enterprise	Version 8.8 patch3
Mcafee Virusscan Enterprise	Version 8.8 patch4
Mcafee Virusscan Enterprise	Version 8.8 patch5
Mcafee Virusscan Enterprise	Version 8.8 patch6
Mcafee Virusscan Enterprise	Version 8.8 patch7
Mcafee Virusscan Enterprise	Version 8.8 patch8
Mcafee Virusscan Enterprise	Version 8.8 patch9

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://kc.mcafee.com/corporate/index?page=content&id=SB10302

Source: trellixpsirt@trellix.com

https://www.zerodayinitiative.com/advisories/ZDI-20-702/

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10302

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.zerodayinitiative.com/advisories/ZDI-20-702/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.