Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-7337

Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.

Published

2020-12-09T09:15:13.200

Last Modified

2024-11-21T05:37:05.333

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-732
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application mcafee virusscan_enterprise < 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
Application mcafee virusscan_enterprise 8.8 Yes
References