CVE-2020-7276

EUVD-2020-28403
Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L
trellixCNA
6.4 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
mcafeeendpoint_security
10.5.0
mcafeeendpoint_security
10.5.1
mcafeeendpoint_security
10.5.2
mcafeeendpoint_security
10.5.3
mcafeeendpoint_security
10.5.4
mcafeeendpoint_security
10.5.5
mcafeeendpoint_security
10.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10309
https://kc.mcafee.com/corporate/index?page=content&id=SB10309