Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10309 - | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 8.2 |
07 Nov 2023, 03:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10309 - |
Information
Published : 2020-04-15 13:15
Updated : 2024-11-21 05:36
NVD link : CVE-2020-7250
Mitre link : CVE-2020-7250
CVE.ORG link : CVE-2020-7250
JSON object : View
Products Affected
mcafee
- endpoint_security
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')