1. Home
  2. CVE Database
  3. CVE-2020-7250
HIGH · 8.2

CVE-2020-7250

Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privile...

Vulnerability Description

Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
McafeeEndpoint Security10.5.0

Related Weaknesses (CWE)

CWE-59

References

FAQ

What is CVE-2020-7250?

CVE-2020-7250 is a vulnerability with a CVSS score of 8.2 (HIGH). Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privile...

How severe is CVE-2020-7250?

CVE-2020-7250 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7250?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Endpoint Security.