Lucene search

TrellixCVELIST:CVE-2020-7274

HistoryApr 14, 2020 - 12:00 a.m.

CVE-2020-7274 ENS elevated permissions vulnerability

2020-04-1400:00:00

CWE-269

trellix

www.cve.org

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user’s privileges).

CNA Affected

[
  {
    "product": "McAfee Endpoint Security (ENS)",
    "vendor": "McAfee LLC",
    "versions": [
      {
        "lessThan": "10.7.0 April 2020 Update",
        "status": "affected",
        "version": "10.x",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10309

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2020-7274