CVE-2020-7267: Privilege Escalation vulnerability through symbolic links in VSEL
First published: Fri May 08 2020(Updated: )
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Virusscan Enterprise | =8.8 | |
| Mcafee Virusscan Enterprise | =8.8-patch1 | |
| Mcafee Virusscan Enterprise | =8.8-patch10 | |
| Mcafee Virusscan Enterprise | =8.8-patch11 | |
| Mcafee Virusscan Enterprise | =8.8-patch12 | |
| Mcafee Virusscan Enterprise | =8.8-patch13 | |
| Mcafee Virusscan Enterprise | =8.8-patch2 | |
| Mcafee Virusscan Enterprise | =8.8-patch3 | |
| Mcafee Virusscan Enterprise | =8.8-patch4 | |
| Mcafee Virusscan Enterprise | =8.8-patch5 | |
| Mcafee Virusscan Enterprise | =8.8-patch6 | |
| Mcafee Virusscan Enterprise | =8.8-patch7 | |
| Mcafee Virusscan Enterprise | =8.8-patch8 | |
| Mcafee Virusscan Enterprise | =8.8-patch9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-7267?
The severity of CVE-2020-7267 is high with a severity value of 8.4.
How can local users exploit CVE-2020-7267?
Local users can exploit CVE-2020-7267 by manipulating symbolic links to redirect a McAfee delete action to unintended files.
Which version of McAfee VirusScan Enterprise for Linux is affected by CVE-2020-7267?
McAfee VirusScan Enterprise for Linux prior to version 2.0.3 Hotfix 2635000 is affected by CVE-2020-7267.
How can I fix CVE-2020-7267?
To fix CVE-2020-7267, update McAfee VirusScan Enterprise for Linux to version 2.0.3 Hotfix 2635000.
Where can I find more information about CVE-2020-7267?
You can find more information about CVE-2020-7267 at the following link: [McAfee Security Bulletin SB10316](https://kc.mcafee.com/corporate/index?page=content&id=SB10316).
- agent/weakness
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/description
- agent/references
- agent/title
- agent/severity
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- vendor/mcafee
- canonical/mcafee virusscan enterprise
- version/mcafee virusscan enterprise/8.8
- version/mcafee virusscan enterprise/8.8-patch1
- version/mcafee virusscan enterprise/8.8-patch10
- version/mcafee virusscan enterprise/8.8-patch11
- version/mcafee virusscan enterprise/8.8-patch12
- version/mcafee virusscan enterprise/8.8-patch13
- version/mcafee virusscan enterprise/8.8-patch2
- version/mcafee virusscan enterprise/8.8-patch3
- version/mcafee virusscan enterprise/8.8-patch4
- version/mcafee virusscan enterprise/8.8-patch5
- version/mcafee virusscan enterprise/8.8-patch6
- version/mcafee virusscan enterprise/8.8-patch7
- version/mcafee virusscan enterprise/8.8-patch8
- version/mcafee virusscan enterprise/8.8-patch9