CVE-2020-7273

EUVD-2020-28400
Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
trellixCNA
6.7 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
mcafeeendpoint_security
10.5.0
mcafeeendpoint_security
10.5.1
mcafeeendpoint_security
10.5.2
mcafeeendpoint_security
10.5.3
mcafeeendpoint_security
10.5.4
mcafeeendpoint_security
10.5.5
mcafeeendpoint_security
10.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10309
https://kc.mcafee.com/corporate/index?page=content&id=SB10309