CVE-2020-7259

Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Endpoint_security	Mcafee	10.5.0 (including)	10.5.0 (including)
Endpoint_security	Mcafee	10.5.1 (including)	10.5.1 (including)
Endpoint_security	Mcafee	10.5.2 (including)	10.5.2 (including)
Endpoint_security	Mcafee	10.5.3 (including)	10.5.3 (including)
Endpoint_security	Mcafee	10.5.4 (including)	10.5.4 (including)
Endpoint_security	Mcafee	10.5.5 (including)	10.5.5 (including)
Endpoint_security	Mcafee	10.6.0 (including)	10.6.0 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/233.html
https://cwe.mitre.org/data/definitions/58.html

References

https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10309

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-7259
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References