First published: Wed Apr 15 2020
Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration.
Credit: psirt@mcafee.com
Affected Software | Affected Version | How to fix |
---|---|---|
McAfee Endpoint Security | =10.5.0 | |
McAfee Endpoint Security | =10.5.1 | |
McAfee Endpoint Security | =10.5.2 | |
McAfee Endpoint Security | =10.5.3 | |
McAfee Endpoint Security | =10.5.4 | |
McAfee Endpoint Security | =10.5.5 | |
McAfee Endpoint Security | =10.6.0 | |
CVE-2020-7255 is a privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update.
CVE-2020-7255 affects McAfee Endpoint Security versions 10.5.0 to 10.6.0 for Windows.
CVE-2020-7255 has a severity rating of 4.4 (medium).
A local user can exploit CVE-2020-7255 by editing configuration in the ENS client interface, which does not check user permissions, to gain elevated privileges.
To fix CVE-2020-7255, update McAfee Endpoint Security to version 10.7.0 February 2020 Update or later.