Global infos:

Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine.

CVE Status: Modified

References:

[email protected]

af854a3a-2127-422b-91ae-364da2661108

Metrics:

Attribute	Value
Attack Complexity	HIGH
Attack Vector	PHYSICAL
Availability Impact	LOW
Base Score	6.9
Base Severity	MEDIUM
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Privileges Required	NONE
Scope	CHANGED
User Interaction	REQUIRED
Vector String	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
Exploitability Score	0.4
Impact Score	6
Source	[email protected]
Type	Secondary

Links:

Exploit-db
Github