Lucene search

TrellixCVELIST:CVE-2020-7276

HistoryApr 14, 2020 - 12:00 a.m.

CVE-2020-7276 Unrestricted Policy Management using MfeUpgradeTool.exe

2020-04-1400:00:00

CWE-287

trellix

www.cve.org

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.

CNA Affected

[
  {
    "product": "McAfee Endpoint Security (ENS)",
    "vendor": "McAfee LLC",
    "versions": [
      {
        "lessThan": "10.7.0 April 2020 Update",
        "status": "affected",
        "version": "10.x",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10309

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2020-7276