CVE-2020-7280

moderate-risk

Published 2020-06-10

Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (15)

Virusscan Enterprise

Affected Vendors

Mcafee

References (4)

https://kc.mcafee.com/corporate/index?page=content&id=SB10302

https://www.zerodayinitiative.com/advisories/ZDI-20-702/

https://kc.mcafee.com/corporate/index?page=content&id=SB10302

https://www.zerodayinitiative.com/advisories/ZDI-20-702/

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 18/34 · Moderate