CVE-2020-7250 - OpenCVE

Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mcafee	Endpoint Security

Configuration 1 [-]

OR	cpe:2.3:a:mcafee:endpoint_security:10.5.0:::::windows::
	cpe:2.3:a:mcafee:endpoint_security:10.5.1:::::windows::
	cpe:2.3:a:mcafee:endpoint_security:10.5.2:::::windows::
	cpe:2.3:a:mcafee:endpoint_security:10.5.3:::::windows::
	cpe:2.3:a:mcafee:endpoint_security:10.5.4:::::windows::
	cpe:2.3:a:mcafee:endpoint_security:10.5.5:::::windows::
	cpe:2.3:a:mcafee:endpoint_security:10.6.0:::::windows::

No data.

References

Link	Providers
https://kc.mcafee.com/corporate/index?page=content&id=SB10309

History

Mon, 16 Sep 2024 17:30:00 +0000

Type	Values Removed	Values Added
Title	ENS symbolic link log file manipulation vulnerability	ENS symbolic link log file manipulation vulnerability

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2020-04-15T12:45:14.302136Z

Updated: 2024-09-16T17:18:05.249Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7250

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-15T13:15:13.080

Modified: 2023-11-07T03:25:44.030

Link: CVE-2020-7250

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "McAfee Endpoint Security (ENS)", "vendor": "McAfee LLC", "versions": [{"lessThan": "10.7.0 April 2020 Update", "status": "affected", "version": "10.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "McAfee credits Jakub Palaczynski \u202f(ING Tech Poland)\u202fand Eran Shimony (CyberArk) for independently reporting this flaw"}], "datePublic": "2020-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T12:45:14", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309"}], "source": {"discovery": "EXTERNAL"}, "title": "ENS symbolic link log file manipulation vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "DATE_PUBLIC": "2020-04-14T00:00:00.000Z", "ID": "CVE-2020-7250", "STATE": "PUBLIC", "TITLE": "ENS symbolic link log file manipulation vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee Endpoint Security (ENS)", "version": {"version_data": [{"version_affected": "<", "version_name": "10.x", "version_value": "10.7.0 April 2020 Update"}]}}]}, "vendor_name": "McAfee LLC"}]}}, "credit": [{"lang": "eng", "value": "McAfee credits Jakub Palaczynski \u202f(ING Tech Poland)\u202fand Eran Shimony (CyberArk) for independently reporting this flaw"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}]}, "references": {"reference_data": [{"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:25:48.498Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2020-7250", "datePublished": "2020-04-15T12:45:14.302136Z", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-09-16T17:18:05.249Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:windows:*:*", "matchCriteriaId": "6AC514CA-D094-433D-9561-99048D43902F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.1:*:*:*:*:windows:*:*", "matchCriteriaId": "1B7AE3E9-DDCE-4119-B57D-B3D471E05B16", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.2:*:*:*:*:windows:*:*", "matchCriteriaId": "603FE358-FADA-4FE6-B3F2-169D032A57E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:windows:*:*", "matchCriteriaId": "66461D42-AE21-41B3-9FCB-3F6D09AC323E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:windows:*:*", "matchCriteriaId": "DCC441CF-5EA0-41C1-AE15-6672FF20B73A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:windows:*:*", "matchCriteriaId": "A6551AB4-1B0F-4EE3-8ED1-99413E3F19DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*", "matchCriteriaId": "94732038-F35D-41AB-A550-E6F5FF9004DF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory."}, {"lang": "es", "value": "Una vulnerabilidad de manipulaci\u00f3n en enlaces simb\u00f3licos en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Update de Abril de 2020, permite a un usuario local autenticado conseguir una escalada de privilegios al se\u00f1alar el enlace a archivos que el usuario normalmente no tiene permiso para modificar por medio de enlaces simb\u00f3licos cuidadosamente creados desde el directorio del archivo de registro de ENS."}], "id": "CVE-2020-7250", "lastModified": "2023-11-07T03:25:44.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2020-04-15T13:15:13.080", "references": [{"source": "trellixpsirt@trellix.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}