CVE-2020-7267

HIGH

McAfee VirusScan Enterprise for Linux < 2.0.3 Hotfix 2635000 - Privilege Escalation via Symbolic Link Manipulation

Title source: llm
STIX 2.1

Description

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0025
EPSS Percentile 16.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-269 CWE-274
Status published
Products (1)
mcafee/virusscan_enterprise 8.8 (14 CPE variants)
Published May 08, 2020
Tracked Since Feb 18, 2026