CVE-2020-7319

Published: Sep 9, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.

Affected (1)

Products: Mcafee: Endpoint Security

1 product

Endpoint Security

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Endpoint Security	Before 10.7.0

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10327

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10327

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.