#VU46690 Improper Authentication in McAfee Endpoint Security (ENS) - CVE-2020-7323

 

Published: September 14, 2020


Vulnerability identifier: #VU46690
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-7323
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
McAfee Endpoint Security (ENS)
Software vendor:
McAfee

Description

The vulnerability allows a local attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. An attacker with physical access can bypass the Windows lock screen by triggering certain detection events while the computer screen is locked and McTray.exe is running with elevated privileges.

Note: This vulnerability affects the following versions:

  • 10.7.0.x
  • 10.6.x
  • 10.5.x

Remediation

Install updates from the vendor's website.
