1. Home
  2. CVE Database
  3. CVE-2020-7274
MEDIUM · 6.6

CVE-2020-7274

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privilege...

Vulnerability Description

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).

CVSS Score

6.6

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
McafeeEndpoint Security10.5.0

Related Weaknesses (CWE)

CWE-269

References

FAQ

What is CVE-2020-7274?

CVE-2020-7274 is a vulnerability with a CVSS score of 6.6 (MEDIUM). Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privilege...

How severe is CVE-2020-7274?

CVE-2020-7274 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7274?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Endpoint Security.