CVE-2020-7265

Published: May 8, 2020Modified: Nov 21, 2024

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Exploitability: 2.0 / Impact: 5.8

Source: NVD

Description

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Affected (1)

Products: Mcafee: Endpoint Security

1 product

Endpoint Security

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Endpoint Security	From 10.5.0 to 10.6.9

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Improper Handling of Insufficient Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10316

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10316

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.