Lucene search

TrellixCVELIST:CVE-2020-7280

HistoryJun 10, 2020 - 11:52 a.m.

CVE-2020-7280 Symbolic Link vulnerability during DAT update

2020-06-1011:52:43

CWE-269

trellix

www.cve.org

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.4%

JSON

Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.

CNA Affected

[
  {
    "product": "McAfee VirusScan Enterprise (VSE)",
    "vendor": "McAfee, LLC",
    "versions": [
      {
        "lessThan": "8.8 Patch 15",
        "status": "affected",
        "version": "8.8.x",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10302

www.zerodayinitiative.com/advisories/ZDI-20-702/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.4%

JSON

Related for CVELIST:CVE-2020-7280