Unquoted service paths for some McAfee ENS files
CVE-2020-7275

4.8MEDIUM

Key Information:

Vendor

Mcafee Llc

Vendor
CVE Published:
15 April 2020

What is CVE-2020-7275?

Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file.

Affected Version(s)

McAfee Endpoint Security (ENS) 10.x < 10.7.0 April 2020 Update

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.