CVE-2020-7266

CWE-274CWE-269Improper Privilege Management3 documents3 sources
Severity
8.4HIGH
EPSS
0.0%
top 89.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee,llc Mcafee Virusscan Enterprise (vse) FOR WindowsMcafee Virusscan Enterprise
Timeline
PublishedMay 8
Latest updateMay 24

Description

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

CVEListV5mcafee,llc/mcafee_virusscan_enterprise_(vse)_for_windows8.8.x8.8 Patch 14 Hotfix 116778
NVDmcafee/virusscan_enterprise1.9.01.9.2+1

🔴Vulnerability Details

2
GHSA
GHSA-v42h-cjgv-79ww: Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 82022-05-24
CVEList
Privilege Escalation vulnerability through symbolic links in VSE for Windows2020-05-08
CVE-2020-7266 (HIGH CVSS 8.4) | Privilege Escalation vulnerability | cvebase.io