First published: Tue Apr 14 2020(Updated: )
Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.
Credit: psirt@mcafee.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mcafee Endpoint Security | =10.5.0 | |
Mcafee Endpoint Security | =10.5.1 | |
Mcafee Endpoint Security | =10.5.2 | |
Mcafee Endpoint Security | =10.5.3 | |
Mcafee Endpoint Security | =10.5.4 | |
Mcafee Endpoint Security | =10.5.5 | |
Mcafee Endpoint Security | =10.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-7273 is a vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows prior to version 10.7.0 April 2020 Update.
The severity of CVE-2020-7273 is medium with a CVSS score of 5.5.
McAfee Endpoint Security versions 10.5.0, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 10.5.5, and 10.6.0 are affected by CVE-2020-7273.
CVE-2020-7273 allows local users to delete or rename programs in the autorun key via manipulation of some parameters.
Yes, a fix for CVE-2020-7273 is available in McAfee Endpoint Security version 10.7.0 April 2020 Update.