CVE-2020-7273 : Security Advisory and Response

A vulnerability in McAfee Endpoint Security (ENS) allows local users to manipulate parameters and delete or rename programs in the autorun key.

Understanding CVE-2020-7273

This CVE involves an improper privilege management issue in McAfee Endpoint Security (ENS) for Windows.

What is CVE-2020-7273?

CVE-2020-7273 is an ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows, allowing local users to delete or rename programs in the autorun key through parameter manipulation.

The Impact of CVE-2020-7273

CVSS Base Score: 6.7 (Medium Severity)
Attack Vector: Local
Availability Impact: High
Integrity Impact: Low
Privileges Required: Low
User Interaction: Required

Technical Details of CVE-2020-7273

This section provides more in-depth technical details of the vulnerability.

Vulnerability Description

The vulnerability arises from accessing functionality not properly constrained by ACLs in the autorun start-up protection of McAfee ENS.

Affected Systems and Versions

Affected Product: McAfee Endpoint Security (ENS)
Vendor: McAfee LLC
Affected Version: Prior to 10.7.0 April 2020 Update

Exploitation Mechanism

The vulnerability allows local users to delete or rename programs in the autorun key by manipulating certain parameters.

Mitigation and Prevention

Protecting systems from CVE-2020-7273 requires immediate actions and long-term security practices.

Immediate Steps to Take

Update McAfee ENS to version 10.7.0 April 2020 Update or later.
Monitor and restrict access to the autorun key.

Long-Term Security Practices

Implement least privilege access controls.
Regularly review and update ACLs to ensure proper constraints.

Patching and Updates

Apply security patches and updates provided by McAfee to address this vulnerability.