Unquoted service executable path in McAfee Endpoint Security (ENS)
CVE-2020-7331
7.8HIGH
What is CVE-2020-7331?
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
Affected Version(s)
McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
McAfee credits Lockheed Martin Red Team for responsibly reporting this flaw.