CVE-2020-7276Improper Authentication in LLC Mcafee Endpoint Security

CWE-287Improper Authentication3 documents3 sources
Severity
6.7MEDIUMNVD
CNA6.4
EPSS
0.0%
top 85.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Endpoint SecurityMcafee Endpoint Security
Timeline
PublishedApr 15
Latest updateMay 24

Description

Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5mcafee_llc/mcafee_endpoint_security10.x10.7.0 April 2020 Update
NVDmcafee/endpoint_security7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-3mx6-gj69-jg8v: Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 102022-05-24
CVEList
Unrestricted Policy Management using MfeUpgradeTool.exe2020-04-15
CVE-2020-7276 — Improper Authentication | cvebase