← back
CVE-2020-7257

Privilege Escalation vulnerability through Symbolic links in ENS

CVSS 8.4 HIGHEPSS 0.3%CWE-264
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.4EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Apr 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Affected products
McAfee LLC · McAfee Endpoint Security (ENS)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10309