{"containers":{"cna":{"affected":[{"product":"McAfee Endpoint Security (ENS)","vendor":"McAfee LLC","versions":[{"lessThan":"10.7.0 April 2020 Update","status":"affected","version":"10.x","versionType":"custom"}]}],"credits":[{"lang":"en","value":"McAfee credits Dávid Müller for reporting this flaw"}],"datePublic":"2020-04-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-04-15T11:35:14.000Z","orgId":"01626437-bf8f-4d1c-912a-893b5eb04808","shortName":"trellix"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10309"}],"source":{"discovery":"EXTERNAL"},"title":"Autorun registry bypass","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@mcafee.com","DATE_PUBLIC":"2020-04-14T00:00:00.000Z","ID":"CVE-2020-7273","STATE":"PUBLIC","TITLE":"Autorun registry bypass"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"McAfee Endpoint Security (ENS)","version":{"version_data":[{"version_affected":"<","version_name":"10.x","version_value":"10.7.0 April 2020 Update"}]}}]},"vendor_name":"McAfee LLC"}]}},"credit":[{"lang":"eng","value":"McAfee credits Dávid Müller for reporting this flaw"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-269 Improper Privilege Management"}]}]},"references":{"reference_data":[{"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10309","refsource":"CONFIRM","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10309"}]},"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T09:25:48.957Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10309"}]}]},"cveMetadata":{"assignerOrgId":"01626437-bf8f-4d1c-912a-893b5eb04808","assignerShortName":"trellix","cveId":"CVE-2020-7273","datePublished":"2020-04-15T11:35:14.363Z","dateReserved":"2020-01-21T00:00:00.000Z","dateUpdated":"2024-09-16T16:32:41.543Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}