Link following in McAfee MVISION Endpoint - CVE-2020-7325

 

Link following in McAfee MVISION Endpoint - CVE-2020-7325

Published: September 14, 2020


Vulnerability identifier: #VU46692
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-7325
CWE-ID: CWE-59
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: McAfee
Affected software:
McAfee MVISION Endpoint

Detailed vulnerability description

The vulnerability allows a local user to access unauthorised files.

The vulnerability exists due to a symlink following issue. A local user can access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.


How to mitigate CVE-2020-7325

Install updates from vendor's website.

Sources