Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistTrellixCVELIST:CVE-2020-7308
HistoryApr 15, 2021 - 7:40 a.m.

CVE-2020-7308 Transmission of data in clear text by McAfee ENS

2021-04-1507:40:19
CWE-319
trellix
www.cve.org

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

48.9%

JSON

Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.

CNA Affected

[
  {
    "product": "McAfee Endpoint Security (ENS) for WIndows",
    "vendor": "McAfee,LLC",
    "versions": [
      {
        "lessThan": "10.7.0 February 2021 Update",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
cve 1
nvd 1
prion
prion
Design/Logic Flaw
2021-04-15 08:15:00
cve
cve
CVE-2020-7308
2021-04-15 08:15:14
nvd
nvd
CVE-2020-7308
2021-04-15 08:15:14

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

48.9%

JSON
Related for CVELIST:CVE-2020-7308
prion1cve1nvd1