CVE-2020-7280
Summary
| CVE | CVE-2020-7280 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-06-10 12:15:00 UTC |
| Updated | 2023-11-07 03:25:00 UTC |
| Description | Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mcafee | Virusscan Enterprise | 8.8 | - | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch1 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch10 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch11 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch12 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch13 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch14 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch2 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch3 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch4 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch5 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch6 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch7 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch8 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch9 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | - | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch1 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch10 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch11 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch12 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch13 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch14 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch2 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch3 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch4 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch5 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch6 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch7 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch8 | All | All |
| Application | Mcafee | Virusscan Enterprise | 8.8 | patch9 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| McAfee Security Bulletin - VirusScan Enterprise update fixes three vulnerabilities (CVE-2019-3585, CVE-2019-3588, and CVE-2020-7280) | kc.mcafee.com | ||
| ZDI-20-702 | Zero Day Initiative | MISC | www.zerodayinitiative.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: McAfee credits Glennlloyd working with Trend Micro's Zero Day Initiative for reporting this flaw.
There are currently no legacy QID mappings associated with this CVE.