CVE-2020-7267

CWE-274CWE-269Improper Privilege Management3 documents3 sources
Severity
8.4HIGH
EPSS
0.0%
top 89.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee,llc Mcafee Virusscan Enterprise (vse) FOR LinuxMcafee Virusscan Enterprise
Timeline
PublishedMay 8
Latest updateMay 24

Description

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

CVEListV5mcafee,llc/mcafee_virusscan_enterprise_(vse)_for_linux2.0.x2.0.3 Hotfix 2635000

🔴Vulnerability Details

2
GHSA
GHSA-2f9x-cj33-r657: Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 22022-05-24
CVEList
Privilege Escalation vulnerability through symbolic links in VSEL2020-05-08
CVE-2020-7267 (HIGH CVSS 8.4) | Privilege Escalation vulnerability | cvebase.io