CVE-2020-7250

CWE-593 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 72.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Endpoint Security (ens)Mcafee Endpoint Security
Timeline
PublishedApr 15
Latest updateMay 24

Description

Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

CVEListV5mcafee_llc/mcafee_endpoint_security_(ens)10.x10.7.0 April 2020 Update
NVDmcafee/endpoint_security7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-p7jx-q735-v62j: Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 102022-05-24
CVEList
ENS symbolic link log file manipulation vulnerability2020-04-15
CVE-2020-7250 (HIGH CVSS 7.8) | Symbolic link manipulation vulnerab | cvebase.io