Incorrect Permission Assignment for Critical Resource
CVE-2020-7337
6.5MEDIUM
Key Information:
- Vendor
- Mcafee, Llc
- Status
- Virusscan Enterprise (vse)
- Vendor
- CVE Published:
- 9 December 2020
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.
Affected Version(s)
VirusScan Enterprise (VSE) 8.8.x
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved