CVE-2020-7265

HIGH

McAfee Endpoint Security 10.5.0-10.6.8 - Privilege Escalation via Symbolic Link Manipulation

Title source: llm
STIX 2.1

Description

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0025
EPSS Percentile 16.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-269 CWE-274
Status published
Products (1)
mcafee/endpoint_security 10.5.0 - 10.6.9
Published May 08, 2020
Tracked Since Feb 18, 2026