CVE-2020-7255Improper Privilege Management in LLC Mcafee Endpoint Security

CWE-264CWE-269Improper Privilege Management3 documents3 sources
Severity
4.4MEDIUMNVD
CNA3.9
EPSS
0.1%
top 75.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Endpoint SecurityMcafee Endpoint Security
Timeline
PublishedApr 15
Latest updateMay 24

Description

Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5mcafee_llc/mcafee_endpoint_security10.x10.7.0 April 2020 Update
NVDmcafee/endpoint_security7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-388h-g8mc-3g8v: Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 102022-05-24
CVEList
Privilege Escalation vulnerability  in ENS2020-04-15
CVE-2020-7255 — Improper Privilege Management | cvebase