Vulnerabilities > Mcafee > Endpoint Security > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-17 CVE-2021-31843 Link Following vulnerability in Mcafee Endpoint Security
Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.
local
low complexity
mcafee CWE-59
7.8
2020-11-12 CVE-2020-7332 Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Endpoint Security
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.
network
low complexity
mcafee CWE-352
8.8
2020-11-12 CVE-2020-7331 Unquoted Search Path or Element vulnerability in Mcafee Endpoint Security
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
local
low complexity
mcafee CWE-428
7.8
2020-09-09 CVE-2020-7320 Unspecified vulnerability in Mcafee Endpoint Security
Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services.
local
low complexity
mcafee
7.3
2020-09-09 CVE-2020-7319 Link Following vulnerability in Mcafee Endpoint Security
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.
local
low complexity
mcafee CWE-59
8.8
2020-05-08 CVE-2020-7265 Improper Privilege Management vulnerability in Mcafee Endpoint Security
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file.
local
low complexity
mcafee CWE-269
8.4
2020-05-08 CVE-2020-7264 Improper Privilege Management vulnerability in Mcafee Endpoint Security
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file.
local
low complexity
mcafee CWE-269
8.4
2020-04-15 CVE-2020-7250 Link Following vulnerability in Mcafee Endpoint Security
Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory.
local
low complexity
mcafee CWE-59
7.8
2020-04-15 CVE-2020-7274 Improper Privilege Management vulnerability in Mcafee Endpoint Security
Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).
local
low complexity
mcafee CWE-269
7.8
2020-04-15 CVE-2020-7259 Improper Privilege Management vulnerability in Mcafee Endpoint Security
Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file
local
low complexity
mcafee CWE-269
7.8