CVE-2020-7274

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 70.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Endpoint Security (ens)Mcafee Endpoint Security
Timeline
PublishedApr 15
Latest updateMay 24

Description

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:LExploitability: 0.8 | Impact: 5.3

Affected Packages2 packages

CVEListV5mcafee_llc/mcafee_endpoint_security_(ens)10.x10.7.0 April 2020 Update
NVDmcafee/endpoint_security7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-85vr-v8cj-mr3v: Privilege escalation vulnerability in McTray2022-05-24
CVEList
ENS elevated permissions vulnerability2020-04-15
CVE-2020-7274 (HIGH CVSS 7.8) | Privilege escalation vulnerability | cvebase.io