Vulnerability Description
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Virusscan Enterprise | 8.8 |
Related Weaknesses (CWE)
References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10302
- https://www.zerodayinitiative.com/advisories/ZDI-20-702/
- https://kc.mcafee.com/corporate/index?page=content&id=SB10302
- https://www.zerodayinitiative.com/advisories/ZDI-20-702/
FAQ
What is CVE-2020-7280?
CVE-2020-7280 is a vulnerability with a CVSS score of 7.8 (HIGH). Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they woul...
How severe is CVE-2020-7280?
CVE-2020-7280 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7280?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Virusscan Enterprise.