1. Home
  2. CVE Database
  3. CVE-2020-7273
MEDIUM · 6.7

CVE-2020-7273

Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local u...

Vulnerability Description

Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
HIGH

Affected Products

VendorProductVersions
McafeeEndpoint Security10.5.0

Related Weaknesses (CWE)

CWE-269

References

FAQ

What is CVE-2020-7273?

CVE-2020-7273 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local u...

How severe is CVE-2020-7273?

CVE-2020-7273 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7273?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Endpoint Security.