CVE-2020-7255
Privilege Escalation vulnerability in ENS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration.
Una vulnerabilidad de escalada de privilegios en la interfaz administrativa de usuario en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Update de febrero de 2020, permite a usuarios locales alcanzar privilegios elevados por medio de ENS sin comprobar los permisos del usuario cuando se edita la configuración en la interfaz del cliente ENS. Los administradores pueden bloquear la interfaz del cliente ENS por medio de ePO para impedir que los usuarios puedan editar la configuración.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-21 CVE Reserved
- 2020-04-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-269: Improper Privilege Management
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10309 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.5.0 Search vendor "Mcafee" for product "Endpoint Security" and version "10.5.0" | windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.5.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.5.1" | windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.5.2 Search vendor "Mcafee" for product "Endpoint Security" and version "10.5.2" | windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.5.3 Search vendor "Mcafee" for product "Endpoint Security" and version "10.5.3" | windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.5.4 Search vendor "Mcafee" for product "Endpoint Security" and version "10.5.4" | windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.5.5 Search vendor "Mcafee" for product "Endpoint Security" and version "10.5.5" | windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.0 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.0" | windows |
Affected
| ||||||