CVE-2020-7257 HIGH

CVE-2020-7257: Privilege Escalation vulnerability through Symbolic links in ENS

Vendor Mcafee Llc

Product McAfee Endpoint Security (ENS)

Weakness CWE-264

Published April 15, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent.

Key dates

02Disclosure timeline

April 15, 2020 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-7257

Related vulnerabilities

Identifiers

CVE CVE-2020-7257

CWE CWE-264

CVSS 8.4 / HIGH

Affected versions