Vulnerability Details CVE-2020-4008
The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.8%
CVSS Severity
CVSS v3 Score 3.6
CVSS v2 Score 3.3
References
Products affected by CVE-2020-4008
-
cpe:2.3:a:vmware:carbon_black_cloud:*
-
cpe:2.3:o:apple:macos:-