CVE-2020-7323 Vulnerability Details

  /     /     /  

CVE-2020-7323 Metadata Quick Info

CVE Published: 09/09/2020 | CVE Updated: 17/09/2024 | CVE Year: 2020
Source: trellix | Vendor: McAfee LLC | Product: Endpoint Security for Windows
Status : PUBLISHED

CVE-2020-7323 Description

Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine.

Metrics

CVSS Version: 3.1 | Base Score: 6.9 MEDIUM
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-287
CWE Name: CWE-287: Improper Authentication
Source: McAfee LLC

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2020-7323 Vulnerability Details