6.7

CVE-2020-7337

Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.

Data is provided by the National Vulnerability Database (NVD)
McafeeVirusscan Enterprise Version < 8.8
McafeeVirusscan Enterprise Version8.8 Update-
McafeeVirusscan Enterprise Version8.8 Updatepatch1
McafeeVirusscan Enterprise Version8.8 Updatepatch10
McafeeVirusscan Enterprise Version8.8 Updatepatch11
McafeeVirusscan Enterprise Version8.8 Updatepatch12
McafeeVirusscan Enterprise Version8.8 Updatepatch13
McafeeVirusscan Enterprise Version8.8 Updatepatch14
McafeeVirusscan Enterprise Version8.8 Updatepatch15
McafeeVirusscan Enterprise Version8.8 Updatepatch2
McafeeVirusscan Enterprise Version8.8 Updatepatch3
McafeeVirusscan Enterprise Version8.8 Updatepatch4
McafeeVirusscan Enterprise Version8.8 Updatepatch5
McafeeVirusscan Enterprise Version8.8 Updatepatch6
McafeeVirusscan Enterprise Version8.8 Updatepatch7
McafeeVirusscan Enterprise Version8.8 Updatepatch8
McafeeVirusscan Enterprise Version8.8 Updatepatch9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.071
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
trellixpsirt@trellix.com 6.5 0.6 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.