7.8

CVE-2020-7280

Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.

Data is provided by the National Vulnerability Database (NVD)
McafeeVirusscan Enterprise Version8.8 Update- SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch1 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch10 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch11 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch12 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch13 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch14 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch2 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch3 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch4 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch5 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch6 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch7 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch8 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch9 SwPlatformwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.096
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
trellixpsirt@trellix.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.