PT-2020-19516 · Mcafee · Mcafee Endpoint Security

Published

2020-04-15

Updated

2020-04-20

CVE-2020-7274

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions McAfee Endpoint Security (ENS) for Windows versions prior to 10.7.0 April 2020 Update

Description A privilege escalation issue allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges, which by default runs with the current user's privileges.

Recommendations For versions prior to 10.7.0 April 2020 Update, update to the April 2020 Update or later to resolve the issue. As a temporary workaround, consider restricting the privileges granted to McTray.exe to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2020-7274

Affected Products

Mcafee Endpoint Security

PT-2020-19516 · Mcafee · Mcafee Endpoint Security

CVE-2020-7274

Weakness Enumeration

Related Identifiers

Affected Products

References · 4