CVE Vulnerabilities

CVE-2020-7265

Improper Privilege Management

Published: May 08, 2020 | Modified: Nov 07, 2023
CVSS 3.x
8.4
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
CVSS 2.x
3.6 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Endpoint_security Mcafee 10.5.0 (including) 10.6.9 (excluding)

Potential Mitigations

References