CVE-2020-7280: McAfee VirusScan Enterprise Junction Privilege Escalation Vulnerability
First published: Tue Jun 09 2020(Updated: )
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Virusscan Enterprise | =8.8 | |
| Mcafee Virusscan Enterprise | =8.8-patch1 | |
| Mcafee Virusscan Enterprise | =8.8-patch10 | |
| Mcafee Virusscan Enterprise | =8.8-patch11 | |
| Mcafee Virusscan Enterprise | =8.8-patch12 | |
| Mcafee Virusscan Enterprise | =8.8-patch13 | |
| Mcafee Virusscan Enterprise | =8.8-patch14 | |
| Mcafee Virusscan Enterprise | =8.8-patch2 | |
| Mcafee Virusscan Enterprise | =8.8-patch3 | |
| Mcafee Virusscan Enterprise | =8.8-patch4 | |
| Mcafee Virusscan Enterprise | =8.8-patch5 | |
| Mcafee Virusscan Enterprise | =8.8-patch6 | |
| Mcafee Virusscan Enterprise | =8.8-patch7 | |
| Mcafee Virusscan Enterprise | =8.8-patch8 | |
| Mcafee Virusscan Enterprise | =8.8-patch9 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-7280?
CVE-2020-7280 is a vulnerability that allows local attackers to escalate privileges on affected installations of McAfee VirusScan Enterprise.
How severe is CVE-2020-7280?
CVE-2020-7280 is classified as a high severity vulnerability with a CVSS score of 7.8.
What software is affected by CVE-2020-7280?
McAfee VirusScan Enterprise versions 8.8 and its various patches are affected by CVE-2020-7280.
How can CVE-2020-7280 be exploited?
To exploit CVE-2020-7280, an attacker must first obtain the ability to execute low-privileged code on the target system.
Where can I find more information about CVE-2020-7280?
You can find more information about CVE-2020-7280 on the McAfee Knowledge Center website and the Zero Day Initiative website.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/title
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/softwarecombine
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-20-702
- alias/ZDI-CAN-10005
- alias/CVE-2020-7280
- agent/software-canonical-lookup
- agent/event
- agent/tags
- agent/trending
- vendor/mcafee
- canonical/mcafee virusscan enterprise
- version/mcafee virusscan enterprise/8.8
- version/mcafee virusscan enterprise/8.8-patch1
- version/mcafee virusscan enterprise/8.8-patch10
- version/mcafee virusscan enterprise/8.8-patch11
- version/mcafee virusscan enterprise/8.8-patch12
- version/mcafee virusscan enterprise/8.8-patch13
- version/mcafee virusscan enterprise/8.8-patch14
- version/mcafee virusscan enterprise/8.8-patch2
- version/mcafee virusscan enterprise/8.8-patch3
- version/mcafee virusscan enterprise/8.8-patch4
- version/mcafee virusscan enterprise/8.8-patch5
- version/mcafee virusscan enterprise/8.8-patch6
- version/mcafee virusscan enterprise/8.8-patch7
- version/mcafee virusscan enterprise/8.8-patch8
- version/mcafee virusscan enterprise/8.8-patch9