CVE-2020-7264

CWE-274CWE-269Improper Privilege Management3 documents3 sources
Severity
8.4HIGH
EPSS
0.0%
top 89.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee,llc Mcafee Endpoint Security (ens) FOR WindowsMcafee Endpoint Security
Timeline
PublishedMay 8
Latest updateMay 24

Description

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

CVEListV5mcafee,llc/mcafee_endpoint_security_(ens)_for_windows10.7.x10.7.0 Hotfix 199847
NVDmcafee/endpoint_security10.5.010.5.5+2

🔴Vulnerability Details

2
GHSA
GHSA-4r5w-h6p7-33h7: Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 102022-05-24
CVEList
Privilege Escalation vulnerability through symbolic links in ENS for Windows2020-05-08
CVE-2020-7264 (HIGH CVSS 8.4) | Privilege Escalation vulnerability | cvebase.io