CVE-2020-7280

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 87.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee, LLC Mcafee Virusscan Enterprise (vse)Mcafee Virusscan Enterprise
Timeline
PublishedJun 10
Latest updateMay 24

Description

Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5mcafee,_llc/mcafee_virusscan_enterprise_(vse)8.8.x8.8 Patch 15

🔴Vulnerability Details

2
GHSA
GHSA-cpp4-9ggm-fr5x: Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 82022-05-24
CVEList
Symbolic Link vulnerability during DAT update2020-06-10
CVE-2020-7280 (HIGH CVSS 7.8) | Privilege Escalation vulnerability | cvebase.io