CVE-2020-7273Improper Privilege Management in LLC Mcafee Endpoint Security

CWE-269Improper Privilege Management3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.7
EPSS
0.1%
top 74.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Endpoint SecurityMcafee Endpoint Security
Timeline
PublishedApr 15
Latest updateMay 24

Description

Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5mcafee_llc/mcafee_endpoint_security10.x10.7.0 April 2020 Update
NVDmcafee/endpoint_security7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-q2rf-82ch-fpf3: Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Window2022-05-24
CVEList
Autorun registry bypass2020-04-15
CVE-2020-7273 — Improper Privilege Management | cvebase