CVE-2020-7280

Name of the Vulnerable Software and Affected Versions McAfee VirusScan Enterprise versions prior to 8.8 Patch 15

Description The issue is related to insufficient access control in McAfee VirusScan Enterprise, which can be exploited to elevate privileges. This can occur during daily DAT updates, allowing local users to delete and create files they would not normally have permission to access by altering the target of symbolic links. This exploit is timing-dependent.

Recommendations For versions prior to 8.8 Patch 15, update to 8.8 Patch 15 or later to resolve the issue. As a temporary workaround, consider restricting access to the symbolic links that can be altered during the daily DAT updates until a patch is applied.