PT-2020-19503 · Mcafee · Mcafee Endpoint Security (Ens) For Windows+1

Published

2020-04-15

Updated

2020-04-21

CVE-2020-7255

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions McAfee Endpoint Security (ENS) for Windows versions prior to 10.7.0 February 2020 Update

Description A privilege escalation issue exists in the administrative user interface of McAfee Endpoint Security (ENS) for Windows, where the system fails to check user permissions when editing configuration in the ENS client interface, allowing local users to gain elevated privileges. Administrators can mitigate this by locking the ENS client interface through ePO to prevent users from editing the configuration.

Recommendations For versions prior to 10.7.0 February 2020 Update, administrators can lock the ENS client interface through ePO to prevent users from editing the configuration and gaining elevated privileges.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-264

Related Identifiers

CVE-2020-7255

Affected Products

Mcafee Endpoint Security (Ens) For Windows

Epo

PT-2020-19503 · Mcafee · Mcafee Endpoint Security (Ens) For Windows+1

CVE-2020-7255

Weakness Enumeration

Related Identifiers

Affected Products

References · 4