Main Vulnerability Database Vulnerabilities #VU47343

#VU47343 Link following in McAfee Endpoint Security (ENS) - CVE-2020-7250

Published: April 15, 2020 / Updated: October 6, 2020

Vulnerability identifier: #VU47343

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-7250

CWE-ID: CWE-59

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
McAfee Endpoint Security (ENS)

Software vendor:
McAfee

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. A local user can gain elevated privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory.

Remediation

Install updates from vendor's website.

External links

https://kc.mcafee.com/corporate/index?page=content&id=SB10309

#VU47343 Link following in McAfee Endpoint Security (ENS) - CVE-2020-7250

Description

Remediation

External links

Please verify you're human