First published: Wed Apr 15 2020(Updated: )
Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).
Credit: psirt@mcafee.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mcafee Endpoint Security | =10.5.0 | |
Mcafee Endpoint Security | =10.5.1 | |
Mcafee Endpoint Security | =10.5.2 | |
Mcafee Endpoint Security | =10.5.3 | |
Mcafee Endpoint Security | =10.5.4 | |
Mcafee Endpoint Security | =10.5.5 | |
Mcafee Endpoint Security | =10.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-7274 is a privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update.
CVE-2020-7274 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges.
The severity of CVE-2020-7274 is high, with a CVSS score of 7.8.
McAfee Endpoint Security versions 10.5.0 to 10.6.0 are affected by CVE-2020-7274.
To fix CVE-2020-7274, update McAfee Endpoint Security to version 10.7.0 April 2020 Update or later.