CVE-2020-7331
HIGHMcAfee Endpoint Security < 10.6.1 - Unquoted Service Path Denial of Service and Malicious File Execution
Title source: llmDescription
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
References (1)
Core 1
Core References
Broken Link x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10335
Scores
CVSS v3
7.8
EPSS
0.0016
EPSS Percentile
36.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-428
Status
published
Products (1)
mcafee/endpoint_security
< 10.6.1
Published
Nov 12, 2020
Tracked Since
Feb 18, 2026