CVE-2020-7337

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 90.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee Virusscan EnterpriseMcafee, LLC Virusscan Enterprise (vse)
Timeline
PublishedDec 9
Latest updateMay 24

Description

Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.6 | Impact: 5.9

Affected Packages2 packages

CVEListV5mcafee,_llc/virusscan_enterprise_(vse)8.8.xpatch 15

🔴Vulnerability Details

2
GHSA
GHSA-38q2-qj9f-p542: Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 82022-05-24
CVEList
Incorrect Permission Assignment for Critical Resource2020-12-09
CVE-2020-7337 (MEDIUM CVSS 6.7) | Incorrect Permission Assignment for | cvebase.io