CVE-2020-7273 (GCVE-0-2020-7273)

Vulnerability from cvelistv5 – Published: 2020-04-15 11:35 – Updated: 2024-09-16 16:32
VLAI?
Summary
Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
McAfee LLC McAfee Endpoint Security (ENS) Affected: 10.x , < 10.7.0 April 2020 Update (custom)
Create a notification for this product.
Credits
McAfee credits Dávid Müller for reporting this flaw
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:48.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10309"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "McAfee Endpoint Security (ENS)",
          "vendor": "McAfee LLC",
          "versions": [
            {
              "lessThan": "10.7.0 April 2020 Update",
              "status": "affected",
              "version": "10.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "McAfee credits D\u00e1vid M\u00fcller for reporting this flaw"
        }
      ],
      "datePublic": "2020-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T11:35:14",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10309"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Autorun registry bypass",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "DATE_PUBLIC": "2020-04-14T00:00:00.000Z",
          "ID": "CVE-2020-7273",
          "STATE": "PUBLIC",
          "TITLE": "Autorun registry bypass"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "McAfee Endpoint Security (ENS)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.x",
                            "version_value": "10.7.0 April 2020 Update"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee LLC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "McAfee credits D\u00e1vid M\u00fcller for reporting this flaw"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10309",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10309"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2020-7273",
    "datePublished": "2020-04-15T11:35:14.363986Z",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-09-16T16:32:41.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"6AC514CA-D094-433D-9561-99048D43902F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:endpoint_security:10.5.1:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"1B7AE3E9-DDCE-4119-B57D-B3D471E05B16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:endpoint_security:10.5.2:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"603FE358-FADA-4FE6-B3F2-169D032A57E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"66461D42-AE21-41B3-9FCB-3F6D09AC323E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"DCC441CF-5EA0-41C1-AE15-6672FF20B73A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"A6551AB4-1B0F-4EE3-8ED1-99413E3F19DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"94732038-F35D-41AB-A550-E6F5FF9004DF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.\"}, {\"lang\": \"es\", \"value\": \"La funcionalidad de acceso no restringe apropiadamente por una vulnerabilidad de las ACL en la protecci\\u00f3n de inicio de ejecuci\\u00f3n autom\\u00e1tica en McAfee Endpoint Security (ENS) para Windows versiones anteriores a  10.7.0 Update de Abril de 2020, permite a usuarios locales eliminar o cambiar el nombre de los programas en la clave de ejecuci\\u00f3n autom\\u00e1tica por medio de la manipulaci\\u00f3n de algunos par\\u00e1metros.\"}]",
      "id": "CVE-2020-7273",
      "lastModified": "2024-11-21T05:36:58.037",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"trellixpsirt@trellix.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-04-15T12:15:12.153",
      "references": "[{\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10309\", \"source\": \"trellixpsirt@trellix.com\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10309\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "trellixpsirt@trellix.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"trellixpsirt@trellix.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-7273\",\"sourceIdentifier\":\"trellixpsirt@trellix.com\",\"published\":\"2020-04-15T12:15:12.153\",\"lastModified\":\"2024-11-21T05:36:58.037\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.\"},{\"lang\":\"es\",\"value\":\"La funcionalidad de acceso no restringe apropiadamente por una vulnerabilidad de las ACL en la protecci\u00f3n de inicio de ejecuci\u00f3n autom\u00e1tica en McAfee Endpoint Security (ENS) para Windows versiones anteriores a  10.7.0 Update de Abril de 2020, permite a usuarios locales eliminar o cambiar el nombre de los programas en la clave de ejecuci\u00f3n autom\u00e1tica por medio de la manipulaci\u00f3n de algunos par\u00e1metros.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"6AC514CA-D094-433D-9561-99048D43902F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:endpoint_security:10.5.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"1B7AE3E9-DDCE-4119-B57D-B3D471E05B16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:endpoint_security:10.5.2:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"603FE358-FADA-4FE6-B3F2-169D032A57E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"66461D42-AE21-41B3-9FCB-3F6D09AC323E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"DCC441CF-5EA0-41C1-AE15-6672FF20B73A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"A6551AB4-1B0F-4EE3-8ED1-99413E3F19DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"94732038-F35D-41AB-A550-E6F5FF9004DF\"}]}]}],\"references\":[{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10309\",\"source\":\"trellixpsirt@trellix.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10309\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.