CVE-2020-7257

EUVD-2020-28384
Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
trellixCNA
8.4 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
mcafeeendpoint_security
10.5.0
mcafeeendpoint_security
10.5.1
mcafeeendpoint_security
10.5.2
mcafeeendpoint_security
10.5.3
mcafeeendpoint_security
10.5.4
mcafeeendpoint_security
10.5.5
mcafeeendpoint_security
10.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10309
https://kc.mcafee.com/corporate/index?page=content&id=SB10309