CVE-2020-7276 — Improper Authentication in LLC Mcafee Endpoint Security

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.7MEDIUMNVD

CNA6.4

EPSS

0.0%

top 85.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Endpoint Security Mcafee Endpoint Security

Timeline

PublishedApr 15

Latest updateMay 24

Description

Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5mcafee_llc/mcafee_endpoint_security10.x — 10.7.0 April 2020 Update

▶NVDmcafee/endpoint_security7 versions+6

🔴Vulnerability Details

GHSA

GHSA-3mx6-gj69-jg8v: Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10↗2022-05-24

▶

CVEList

Unrestricted Policy Management using MfeUpgradeTool.exe↗2020-04-15

▶