CVE-2020-7267

moderate-risk
Published 2020-05-08

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
LOCAL / LOW complexity

Affected Products (14)

Affected Vendors

Mcafee

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10316
https://kc.mcafee.com/corporate/index?page=content&id=SB10316
45
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 0/34 · Minimal
Exposure 18/34 · Moderate