Incorrect Permission Assignment for Critical Resource
CVE-2020-7337
6.5MEDIUM
What is CVE-2020-7337?
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.
Affected Version(s)
VirusScan Enterprise (VSE) 8.8.x
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved