TrellixCVELIST:CVE-2020-7263CVE-2020-7263 ENS configuration can be edited by attacker with local administrator permissions
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
12.7%
Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.
CNA Affected
[
{
"product": "Endpoint Security (ENS) for Window",
"vendor": "McAfee, LLC",
"versions": [
{
"lessThanOrEqual": "ENS 10.7.0 July 2020 Update",
"status": "affected",
"version": "10.7.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "ENS 10.6.1 July 2020 Update",
"status": "affected",
"version": "10.6.x",
"versionType": "custom"
}
]
}
]Related
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
12.7%