CVE Published: 03/07/2020 |
CVE Updated: 04/08/2024 |
CVE Year: 2020 Source: trellix |
Vendor: McAfee,LLC |
Product: McAfee Total Protection (MTP) Status : PUBLISHED
CVE-2020-7282 Description
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
Metrics
CVSS Version: 3.1 |
Base Score: 7.5 HIGH Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* HIGH Privileges Required (PR)* LOW User Interaction (UI)* NONE Scope (S)* CHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* NONE Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-59 CWE Name: CWE-59: Improper Link Resolution Before File Access (
Link Following
) Source: McAfee,LLC
Common Attack Pattern Enumeration and Classification (CAPEC)