TrellixCVELIST:CVE-2020-7257CVE-2020-7257 Privilege Escalation vulnerability through Symbolic links in ENS
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
8.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent.
CNA Affected
[
{
"product": "McAfee Endpoint Security (ENS)",
"vendor": "McAfee LLC",
"versions": [
{
"lessThan": "10.7.0 April 2020 Update",
"status": "affected",
"version": "10.x",
"versionType": "custom"
}
]
}
]Related
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
8.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%