PT-2020-19498 · Mcafee · Mcafee Endpoint Security (Ens) For Windows

Published

2020-04-15

Updated

2020-10-06

CVE-2020-7250

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions McAfee Endpoint Security (ENS) for Windows versions prior to 10.7.0 February 2020 Update

Description The issue allows an authenticated local user to potentially gain an escalation of privileges by manipulating symbolic links, pointing them to files that the user would not normally have permission to alter. This is achieved by carefully creating symbolic links from the ENS log file directory.

Recommendations For versions prior to 10.7.0 February 2020 Update, update to the February 2020 Update or a later version to resolve the issue. As a temporary workaround, consider restricting access to the ENS log file directory to minimize the risk of exploitation.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2020-7250

Affected Products

Mcafee Endpoint Security (Ens) For Windows

PT-2020-19498 · Mcafee · Mcafee Endpoint Security (Ens) For Windows

CVE-2020-7250

Weakness Enumeration

Related Identifiers

Affected Products

References · 6