CVE-2020-7265: Privilege Escalation vulnerability through symbolic links in ENSM
First published: Thu May 07 2020(Updated: )
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Endpoint Security | >=10.5.0<10.6.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this McAfee Endpoint Security vulnerability?
The vulnerability ID is CVE-2020-7265.
What is the severity of CVE-2020-7265?
The severity of CVE-2020-7265 is high, with a severity value of 8.4.
How does CVE-2020-7265 allow privilege escalation?
CVE-2020-7265 allows local users to delete files they would otherwise not have access to by manipulating symbolic links.
Which version of McAfee Endpoint Security for Mac is affected by CVE-2020-7265?
McAfee Endpoint Security for Mac prior to version 10.6.9 is affected by CVE-2020-7265.
How can I fix CVE-2020-7265 in McAfee Endpoint Security for Mac?
To fix CVE-2020-7265, update McAfee Endpoint Security for Mac to version 10.6.9 or higher.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee endpoint security
- version/mcafee endpoint security/10.5.0