CVE-2020-7261 MEDIUM

CVE-2020-7261: Buffer overwrite in ENS allowed to bypass AMSI protection

Vendor Mcafee Llc
Product McAfee Endpoint Security (ENS)
Weakness CWE-119
Published April 15, 2020
Last update September 16, 2024

CVSS base score

6.1/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.

Key dates

02Disclosure timeline

April 15, 2020 CVE published
September 16, 2024 Record updated