CVE-2020-7275Unquoted Search Path or Element in LLC Mcafee Endpoint Security

CWE-428Unquoted Search Path or Element3 documents3 sources
Severity
5.3MEDIUMNVD
CNA4.8
EPSS
0.1%
top 68.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Endpoint SecurityMcafee Endpoint Security
Timeline
PublishedApr 15
Latest updateMay 24

Description

Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5mcafee_llc/mcafee_endpoint_security10.x10.7.0 April 2020 Update
NVDmcafee/endpoint_security7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-7hxj-fcfx-69p5: Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 102022-05-24
CVEList
Unquoted service paths for some McAfee ENS files2020-04-15
CVE-2020-7275 — Unquoted Search Path or Element | cvebase