CVE-2020-7250

Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.1:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.2:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*

History

07 Nov 2023, 03:25

Type Values Removed Values Added
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10309 - Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10309 -

Information

Published : 2020-04-15 13:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-7250

Mitre link : CVE-2020-7250

CVE.ORG link : CVE-2020-7250


JSON object : View

Products Affected

mcafee

  • endpoint_security
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')