Link following in McAfee MVISION Endpoint - CVE-2020-7325
Published: September 14, 2020
Vulnerability identifier: #VU46692
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-7325
CWE-ID: CWE-59
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: McAfee
Affected software:
McAfee MVISION Endpoint
McAfee MVISION Endpoint
Detailed vulnerability description
The vulnerability allows a local user to access unauthorised files.
The vulnerability exists due to a symlink following issue. A local user can access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.
How to mitigate CVE-2020-7325
Install updates from vendor's website.