Privilege Escalation vulnerability  in ENS
CVE-2020-7255

3.9LOW

Key Information:

Vendor: Mcafee Llc
Status: Mcafee Endpoint Security (ens)
Vendor: CVE Published:; 15 April 2020

Summary

Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration.

Affected Version(s)

McAfee Endpoint Security (ENS) 10.x < 10.7.0 April 2020 Update

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Jan 21, 2020

Credit

McAfee  credits  Lockheed Martin Red Team for   reporting this flaw