CVE-2020-7264 is a vulnerability in McAfee Endpoint Security
Published on May 8, 2020
Privilege Escalation vulnerability through symbolic links in ENS for Windows
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
Vulnerability Analysis
CVE-2020-7264 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Handling of Insufficient Privileges
The software does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
Products Associated with CVE-2020-7264
Want to know whenever a new CVE is published for McAfee Endpoint Security? stack.watch will email you.
Affected Versions
McAfee,LLC McAfee Endpoint Security (ENS) for Windows:- Version 10.7.x and below 10.7.0 Hotfix 199847 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.