CVE-2020-7257 — Improper Privilege Management in LLC Mcafee Endpoint Security

CWE-264 CWE-269 — Improper Privilege Management3 documents3 sources

Severity

6.3MEDIUMNVD

CNA8.4

EPSS

0.1%

top 69.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Endpoint Security Mcafee Endpoint Security

Timeline

PublishedApr 15

Latest updateMay 24

Description

Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.0 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5mcafee_llc/mcafee_endpoint_security10.x — 10.7.0 April 2020 Update

▶NVDmcafee/endpoint_security7 versions+6

🔴Vulnerability Details

GHSA

GHSA-5jf3-c8qv-652g: Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10↗2022-05-24

▶

CVEList

Privilege Escalation vulnerability through Symbolic links in ENS↗2020-04-15

▶