CVE-2020-7264
Last modified
CVE-2020-7264 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Endpoint Security | >= 10.5.0, < 10.5.5 |
| Mcafee | Endpoint Security | 10.6.0 |
| Mcafee | Endpoint Security | 10.7.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-7264?
How severe is CVE-2020-7264?
How do I fix CVE-2020-7264?
Are you affected by CVE-2020-7264?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST