Main Vulnerability Database Vulnerabilities #VU46692

Link following in McAfee MVISION Endpoint - CVE-2020-7325

Published: September 14, 2020

Vulnerability identifier: #VU46692

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-7325

CWE-ID: CWE-59

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
McAfee MVISION Endpoint

Software vendor:
McAfee

Description

The vulnerability allows a local user to access unauthorised files.

The vulnerability exists due to a symlink following issue. A local user can access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.

Remediation

Install updates from vendor's website.

External links

https://kc.mcafee.com/corporate/index?page=content&id=SB10328

Link following in McAfee MVISION Endpoint - CVE-2020-7325

Description

Remediation

External links

Please verify you're human