First published: Fri May 08 2020(Updated: )
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
Credit: psirt@mcafee.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mcafee Endpoint Security | >=10.5.0<10.5.5 | |
Mcafee Endpoint Security | =10.6.0 | |
Mcafee Endpoint Security | =10.7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-7264 is a Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847.
CVE-2020-7264 allows local users to delete files they would not have access to by manipulating symbolic links to redirect a McAfee delete action to an unintended file.
CVE-2020-7264 has a severity rating of 8.4 (high).
CVE-2020-7264 affects McAfee Endpoint Security versions prior to 10.7.0 Hotfix 199847.
To fix the Privilege Escalation vulnerability in McAfee Endpoint Security, update to version 10.7.0 Hotfix 199847 or later.