First published: Wed Dec 09 2020(Updated: )
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.
Credit: psirt@mcafee.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mcafee Virusscan Enterprise | <8.8 | |
Mcafee Virusscan Enterprise | =8.8 | |
Mcafee Virusscan Enterprise | =8.8-patch1 | |
Mcafee Virusscan Enterprise | =8.8-patch10 | |
Mcafee Virusscan Enterprise | =8.8-patch11 | |
Mcafee Virusscan Enterprise | =8.8-patch12 | |
Mcafee Virusscan Enterprise | =8.8-patch13 | |
Mcafee Virusscan Enterprise | =8.8-patch14 | |
Mcafee Virusscan Enterprise | =8.8-patch15 | |
Mcafee Virusscan Enterprise | =8.8-patch2 | |
Mcafee Virusscan Enterprise | =8.8-patch3 | |
Mcafee Virusscan Enterprise | =8.8-patch4 | |
Mcafee Virusscan Enterprise | =8.8-patch5 | |
Mcafee Virusscan Enterprise | =8.8-patch6 | |
Mcafee Virusscan Enterprise | =8.8-patch7 | |
Mcafee Virusscan Enterprise | =8.8-patch8 | |
Mcafee Virusscan Enterprise | =8.8-patch9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this McAfee VirusScan Enterprise vulnerability is CVE-2020-7337.
CVE-2020-7337 has a severity level of medium.
McAfee VirusScan Enterprise versions prior to 8.8 Patch 16 are affected by CVE-2020-7337.
Local administrators can bypass security protection by carefully manipulating McAfee VirusScan Enterprise to not correctly integrate with Windows Defender Application Control.
You can find more information about CVE-2020-7337 on the McAfee Knowledge Center website.