Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Endpoint Security Security Vulnerabilities - 2020

cve
cve

CVE-2020-7250

Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via ca...

8.2CVSS

7.7AI Score

0.0004EPSS

2020-04-15 01:15 PM
46
cve
cve

CVE-2020-7251

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.

5.5CVSS

5.3AI Score

0.0004EPSS

2020-02-14 03:15 PM
40
cve
cve

CVE-2020-7255

Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Adm...

4.4CVSS

5.1AI Score

0.0004EPSS

2020-04-15 01:15 PM
27
cve
cve

CVE-2020-7257

Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was...

8.4CVSS

6.3AI Score

0.0004EPSS

2020-04-15 12:15 PM
24
cve
cve

CVE-2020-7259

Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file

7.8CVSS

7.3AI Score

0.0004EPSS

2020-04-15 12:15 PM
33
cve
cve

CVE-2020-7261

Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.

6.1CVSS

5.2AI Score

0.0004EPSS

2020-04-15 12:15 PM
27
cve
cve

CVE-2020-7263

Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for e...

6.7CVSS

6.4AI Score

0.0004EPSS

2020-04-01 07:15 AM
37
4
cve
cve

CVE-2020-7264

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved th...

8.8CVSS

7.8AI Score

0.0004EPSS

2020-05-08 12:15 PM
37
cve
cve

CVE-2020-7265

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a ma...

8.8CVSS

7.8AI Score

0.0004EPSS

2020-05-08 12:15 PM
36
cve
cve

CVE-2020-7273

Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.

6.7CVSS

5.4AI Score

0.0004EPSS

2020-04-15 12:15 PM
26
cve
cve

CVE-2020-7274

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the...

7.8CVSS

7.6AI Score

0.0004EPSS

2020-04-15 12:15 PM
29
cve
cve

CVE-2020-7275

Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file.

5.3CVSS

5.7AI Score

0.0004EPSS

2020-04-15 12:15 PM
27
cve
cve

CVE-2020-7276

Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.

6.7CVSS

6.5AI Score

0.0004EPSS

2020-04-15 12:15 PM
33
cve
cve

CVE-2020-7277

Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered.

6.8CVSS

5.1AI Score

0.0004EPSS

2020-04-15 12:15 PM
27
cve
cve

CVE-2020-7278

Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules...

7.4CVSS

6.5AI Score

0.001EPSS

2020-04-15 10:15 AM
25
cve
cve

CVE-2020-7319

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.

8.8CVSS

8.1AI Score

0.0004EPSS

2020-09-09 10:15 AM
27
cve
cve

CVE-2020-7320

Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services.

7.3CVSS

6.8AI Score

0.0004EPSS

2020-09-09 10:15 AM
20
cve
cve

CVE-2020-7322

Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.

4.7CVSS

4.5AI Score

0.0004EPSS

2020-09-09 10:15 AM
24
cve
cve

CVE-2020-7323

Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running ...

6.9CVSS

6.3AI Score

0.001EPSS

2020-09-09 10:15 AM
32
cve
cve

CVE-2020-7331

Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.

7.8CVSS

7.7AI Score

0.0004EPSS

2020-11-12 10:15 AM
60
cve
cve

CVE-2020-7332

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.

8.8CVSS

8.8AI Score

0.001EPSS

2020-11-12 10:15 AM
24
cve
cve

CVE-2020-7333

Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.

4.8CVSS

5AI Score

0.001EPSS

2020-11-12 10:15 AM
29