CVE-2020-7261Improper Restriction of Operations within the Bounds of a Memory Buffer in LLC Mcafee Endpoint Security

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.1
EPSS
0.1%
top 67.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Endpoint SecurityMcafee Endpoint Security
Timeline
PublishedApr 15
Latest updateMay 24

Description

Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5mcafee_llc/mcafee_endpoint_security10.x10.7.0 April 2020 Update
NVDmcafee/endpoint_security7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-x222-6c25-wc8w: Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 102022-05-24
CVEList
Buffer overwrite in ENS allowed to bypass AMSI protection2020-04-15
CVE-2020-7261 — MEDIUM severity | cvebase