CVE-2020-7265

CWE-274CWE-269Improper Privilege Management3 documents3 sources
Severity
8.4HIGH
EPSS
0.0%
top 89.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee Endpoint SecurityMcafee,llc Mcafee Endpoint Security (ens) FOR MAC
Timeline
PublishedMay 8
Latest updateMay 24

Description

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

NVDmcafee/endpoint_security10.5.010.6.9

🔴Vulnerability Details

2
GHSA
GHSA-m258-8c72-m4v5: Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 102022-05-24
CVEList
Privilege Escalation vulnerability through symbolic links in ENSM2020-05-08
CVE-2020-7265 (HIGH CVSS 8.4) | Privilege Escalation vulnerability | cvebase.io