CVE-2020-7337

MEDIUM

McAfee VirusScan Enterprise < 8.8 Patch 16 - Local Security Bypass via Windows Defender Application Control

Title source: llm

Description

Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10338

Scores

CVSS v3 6.5

EPSS 0.0041

EPSS Percentile 32.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (2)

mcafee/virusscan_enterprise 8.8 (16 CPE variants)

mcafee/virusscan_enterprise < 8.8

Published Dec 09, 2020

Tracked Since Feb 18, 2026