Vulnerability Details : CVE-2020-7264
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
Vulnerability category: Gain privilege
Products affected by CVE-2020-7264
- cpe:2.3:a:mcafee:endpoint_security:*:*:*:*:*:windows:*:*
- cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*
- cpe:2.3:a:mcafee:endpoint_security:10.7.0:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-7264
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-7264
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:P |
3.9
|
4.9
|
NIST | |
8.4
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H |
2.0
|
5.8
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
2.0
|
6.0
|
McAfee (DEFUNCT) |
CWE ids for CVE-2020-7264
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
-
The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.Assigned by: psirt@mcafee.com (Secondary)
References for CVE-2020-7264
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10316
McAfee Security Bulletin - Endpoint products update to protect against arbitrary file deletion via symbolic links vulnerability (CVE-2020-7264, CVE-2020-7265, CVE-2020-7266, CVE-2020-7267)Vendor Advisory
Jump to