How severe is CVE-2020-7255?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2020-7255?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2020-7255 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration.

Related Vulnerabilities

CVE-2016-4686

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation...

CWE-2642016

CVE-2016-5087

MEDIUM

CVSS:4.4(Medium)

Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or chang...

CWE-2642016

CVE-2016-8006

MEDIUM

CVSS:4.4(Medium)

Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administ...

CWE-2642016

CVE-2021-25482

MEDIUM

CVSS:4.4(Medium)

SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.

CWE-2642021

CVE-2016-4381

MEDIUM

CVSS:4.5(Medium)

HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended acc...

CWE-2642016

CVE-2016-5991

MEDIUM

CVSS:4.5(Medium)

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.

CWE-2642016