nvd-json-data-feeds/CVE-2020/CVE-2020-72xx/CVE-2020-7255.json

{
  "id": "CVE-2020-7255",
  "sourceIdentifier": "trellixpsirt@trellix.com",
  "published": "2020-04-15T13:15:13.267",
  "lastModified": "2024-11-21T05:36:56.197",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de escalada de privilegios en la interfaz administrativa de usuario en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Update de febrero de 2020, permite a usuarios locales alcanzar privilegios elevados por medio de ENS sin comprobar los permisos del usuario cuando se edita la configuraci\u00f3n en la interfaz del cliente ENS. Los administradores pueden bloquear la interfaz del cliente ENS por medio de ePO para impedir que los usuarios puedan editar la configuraci\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "trellixpsirt@trellix.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
          "baseScore": 3.9,
          "baseSeverity": "LOW",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 2.7
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "baseScore": 3.6,
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "trellixpsirt@trellix.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:windows:*:*",
              "matchCriteriaId": "6AC514CA-D094-433D-9561-99048D43902F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.1:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1B7AE3E9-DDCE-4119-B57D-B3D471E05B16"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.2:*:*:*:*:windows:*:*",
              "matchCriteriaId": "603FE358-FADA-4FE6-B3F2-169D032A57E9"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:windows:*:*",
              "matchCriteriaId": "66461D42-AE21-41B3-9FCB-3F6D09AC323E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:windows:*:*",
              "matchCriteriaId": "DCC441CF-5EA0-41C1-AE15-6672FF20B73A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:windows:*:*",
              "matchCriteriaId": "A6551AB4-1B0F-4EE3-8ED1-99413E3F19DD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*",
              "matchCriteriaId": "94732038-F35D-41AB-A550-E6F5FF9004DF"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309",
      "source": "trellixpsirt@trellix.com"
    },
    {
      "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
}