CVE-2020-7319
HIGHMcAfee Endpoint Security < 10.7.0 - Improper Access Control via Symbolic Link Manipulation
Title source: llmDescription
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10327
Scores
CVSS v3
8.8
EPSS
0.0005
EPSS Percentile
17.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-59
Status
published
Products (1)
mcafee/endpoint_security
< 10.7.0
Published
Sep 09, 2020
Tracked Since
Feb 18, 2026