Lucene search
K
McafeeEndpoint Security

37 matches found

CVE
CVE
added 2020/11/12 9:40 a.m.97 views

CVE-2020-7331

CVE-2020-7331 describes an issue in McAfee Endpoint Security (ENS) for Windows, where an unquoted service executable path in ENS prior to the 10.7.0 November 2020 Update allows a local user to cause a denial of service and execute malicious files by placing a crafted executable. Public sources (N...

7.8CVSS7.5AI score0.00399EPSS
CVE
CVE
added 2017/03/14 10:0 p.m.81 views

CVE-2016-8010

CVE-2016-8010 affects McAfee Application Control (MAC) v7.0 and earlier and McAfee Endpoint Security (ENS) v10.2 and earlier. Description: a vulnerability allows a local attacker to bypass local security protections via a command‑line utility. The connected documents confirm affected products and...

7.8CVSS7.3AI score0.00274EPSS
CVE
CVE
added 2021/02/10 9:10 a.m.73 views

CVE-2021-23878

CVE-2021-23878 affects McAfee Endpoint Security for Windows prior to 10.7.0 (Feb 2021 Update). The issue is clear-text storage of sensitive information in memory, enabling a local user to view ENS settings and credentials by reading process memory shortly after an administrator applies a configur...

7.3CVSS5.9AI score0.00616EPSS
CVE
CVE
added 2021/02/10 10:30 a.m.72 views

CVE-2021-23881

CVE-2021-23881 is a stored XSS vulnerability in the ePO extension of McAfee Endpoint Security (ENS) for Windows, present before the 10.7.0 February 2021 Update. The issue allows an ENS ePO administrator to inject a script into a policy event that will run through a browser block page when a local...

4.8CVSS5.2AI score0.00637EPSS
CVE
CVE
added 2021/09/17 1:40 p.m.72 views

CVE-2021-31843

CVE-2021-31843 affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Sept 2021 Update. The vulnerability is due to improper privileges management that allows a local user to access files they normally cannot by manipulating junction links to redirect McAfee folder operations to an un...

7.8CVSS7.6AI score0.00299EPSS
CVE
CVE
added 2020/04/15 12:45 p.m.71 views

CVE-2020-7250

Affected product: McAfee Endpoint Security for Windows (ENS) prior to 10.7.0 February 2020 Update. Vulnerability: Symbolic link manipulation that lets an authenticated local user escalate privileges by crafting symbolic links in the ENS log file directory to target files the user typically cannot...

8.2CVSS8AI score0.00391EPSS
CVE
CVE
added 2020/02/14 2:50 p.m.66 views

CVE-2020-7251

The CVE-2020-7251 issue affects McAfee Endpoint Security (ENS) for Windows specifically its Configuration Tool. The root cause is improper access control in the Configuration Tool prior to ENS 10.6.1 (February 2020 Update), enabling local users to disable security features via unauthorized use of...

5.5CVSS5.2AI score0.00215EPSS
CVE
CVE
added 2016/04/08 3:0 p.m.65 views

CVE-2016-3984

CVE-2016-3984 affects McAfee VirusScan Console and multiple McAfee components (MAR, MA, DXL, DLPe, MDC, ENS, IPS, VSE) on Windows. Local administrators can bypass self-protection rules and disable the antivirus engine by modifying registry keys. Impact: partial to full antivirus disablement; CVSS...

5.1CVSS5AI score0.01131EPSS
CVE
CVE
added 2019/10/09 2:21 p.m.64 views

CVE-2019-3652

CVE-2019-3652 is a local code-injection vulnerability in McAfee Endpoint Security (ENS) for Windows, caused by EPSetup.exe. It allows a local attacker with access to the ENS installer to inject and execute malicious code during installation. Affected versions are prior to 10.6.1 (October 2019 Upd...

5.3CVSS5.5AI score0.00325EPSS
CVE
CVE
added 2020/04/15 11:20 a.m.63 views

CVE-2020-7276

CVE-2020-7276 affects McAfee Endpoint Security (ENS) for Windows before 10.7.0 April 2020 Update. The vulnerability is an authentication bypass in the MfeUpgradeTool that lets administrator users access policy settings by running the tool. Impact is exposure/ modification of policy settings by pr...

6.7CVSS6.8AI score0.00281EPSS
CVE
CVE
added 2020/04/15 11:55 a.m.62 views

CVE-2020-7259

The CVE-2020-7259 entry concerns McAfee Endpoint Security (ENS) for Windows and describes a privilege/trust bypass via a crafted input file in ENS prior to 10.7.0 February 2020 Update. Connected docs indicate related issues in the same ENS release family and list fixes in 10.7.0 (April 2020 Updat...

7.8CVSS6.8AI score0.00239EPSS
CVE
CVE
added 2020/04/01 6:40 a.m.61 views

CVE-2020-7263

CVE-2020-7263 concerns an improper access control vulnerability in McAfee Endpoint Security (ENS) for Windows, affecting ESConfigTool.exe across all current versions. The issue allows a local administrator to alter ENS configuration, up to and including disabling all protection, due to insecurely...

6.7CVSS6.4AI score0.00168EPSS
CVE
CVE
added 2021/02/10 9:15 a.m.61 views

CVE-2021-23880

CVE-2021-23880 affects McAfee Endpoint Security (ENS) for Windows pre-10.7.0 February 2021 Update. An attribute in ENS allows an authenticated local administrator to uninstall the anti‑malware engine by executing a specific command with correct parameters (improper access control). Public sources...

6.7CVSS5.1AI score0.00291EPSS
CVE
CVE
added 2021/02/10 9:20 a.m.61 views

CVE-2021-23882

CVE-2021-23882 affects McAfee Endpoint Security (ENS) for Windows prior to the 10.7.0 February 2021 Update. The issue is an Improper Access Control vulnerability that lets local administrators prevent installation of some ENS files by placing crafted files in the install location. It is described...

8.2CVSS5.6AI score0.00288EPSS
CVE
CVE
added 2019/10/09 2:21 p.m.60 views

CVE-2019-3653

CVE-2019-3653 describes an improper access-control vulnerability in the Configuration tool of McAfee Endpoint Security (ENS). Affected are ENS versions prior to 10.6.1 (October 2019 Update) with local users able to gain access to security configuration via unauthorized use of the Configuration to...

5.5CVSS5.1AI score0.00231EPSS
CVE
CVE
added 2020/05/08 11:50 a.m.60 views

CVE-2020-7265

CVE-2020-7265 affects McAfee Endpoint Security (ENS) for Mac, prior to 10.6.9. A local attacker can escalate privileges by abusing symbolic links to redirect a McAfee delete operation to an unintended file, enabling deletion of files the user otherwise could not access. Root cause is manipulation...

8.8CVSS8.1AI score0.0025EPSS
CVE
CVE
added 2021/04/15 7:40 a.m.57 views

CVE-2020-7308

The CVE-2020-7308 issue affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update, where cleartext transmission of sensitive information occurs between ENS and McAfee GTI servers over DNS. The root cause is the use of DNS for transmitting requests/responses in cleart...

6.5CVSS5.8AI score0.00509EPSS
CVE
CVE
added 2020/05/08 11:45 a.m.56 views

CVE-2020-7264

CVE-2020-7264 affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847. The issue is a privilege-escalation in which local users can delete files they would not normally access by manipulating symbolic links to redirect a McAfee delete action to an unintended file. Root ca...

8.8CVSS8.2AI score0.0025EPSS
CVE
CVE
added 2021/02/10 9:25 a.m.56 views

CVE-2021-23883

This entry describes CVE-2021-23883: a Null Pointer Dereference in McAfee Endpoint Security (ENS) for Windows prior to the 10.7.0 February 2021 Update. The flaw allows a local administrator to crash Windows by invoking a specific system call that is not handled correctly, with impact described as...

4.9CVSS4.7AI score0.00272EPSS
CVE
CVE
added 2021/09/17 1:35 p.m.56 views

CVE-2021-31842

The CVE-2021-31842 issue affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 (Sept 2021 Update). The root cause is an XML Entity Expansion injection in EPDeploy.xml processing, enabling a local user to trigger high CPU and memory usage and cause a Denial of Service. Documents consi...

5.5CVSS5.5AI score0.0022EPSS
CVE
CVE
added 2018/04/03 10:0 p.m.54 views

CVE-2017-4028

CVE-2017-4028 describes a registry misconfiguration vulnerability that affects all Microsoft Windows products within McAfee consumer and corporate offerings. The underlying issue is manipulation of registry parameters to inject arbitrary code into a debugged McAfee process, granting local access ...

5CVSS5AI score0.00537EPSS
CVE
CVE
added 2020/04/15 11:30 a.m.53 views

CVE-2020-7274

CVE-2020-7274 affects McAfee Endpoint Security for Windows, specifically the McTray.exe component. The vulnerability exists in versions prior to 10.7.0 (April 2020 Update) where local users can request elevated privileges for McTray.exe and, if granted by an administrator, spawn unrelated process...

7.8CVSS7.2AI score0.00224EPSS
CVE
CVE
added 2020/09/09 9:35 a.m.53 views

CVE-2020-7323

McAfee Endpoint Security (ENS) for Windows is affected up to version 10.7.0. The issue is an Authentication Protection Bypass where a local, physically present attacker can bypass the Windows lock screen by triggering certain ENS detection events while McTray.exe is running with elevated privileg...

6.9CVSS6.4AI score0.00329EPSS
CVE
CVE
added 2020/09/09 9:15 a.m.52 views

CVE-2020-7319

CVE-2020-7319 affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0. The root issue is improper access control allowing local users to access files they should not reach by manipulating symbolic links that redirect McAfee file operations to unintended files. Impact indicators from th...

8.8CVSS8.4AI score0.0039EPSS
CVE
CVE
added 2020/04/15 11:30 a.m.51 views

CVE-2020-7275

CVE-2020-7275 affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update. The vulnerability resides in the ENS uninstaller, where an input file can be crafted by a local attacker to access, modify, or execute arbitrary code. Impact is local: code execution with the attac...

5.3CVSS6.1AI score0.00307EPSS
CVE
CVE
added 2020/04/15 11:20 a.m.50 views

CVE-2020-7277

CVE-2020-7277 (McAfee Endpoint Security for Windows) is a local-privilege issue in ENS prior to the 10.7.0 April 2020 Update. The vulnerability is a protection mechanism failure that allows local users to stop certain ENS processes, reducing protection. Connected sources (SB10309) confirm affecte...

6.8CVSS5.8AI score0.00269EPSS
CVE
CVE
added 2020/11/12 9:45 a.m.50 views

CVE-2020-7332

CVE-2020-7332 is a CSRF in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update. The root cause is an incorrect security configuration that allows an attacker to execute arbitrary HTML code. Affected product: McAfee ENS with the firewall ePO extension ...

8.8CVSS8.2AI score0.00581EPSS
CVE
CVE
added 2020/11/12 9:50 a.m.50 views

CVE-2020-7333

CVE-2020-7333 is a cross-site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) for Windows, present in versions prior to 10.7.0 (November 2020 Update). The vulnerability allows an attacker with admin access to inject arbitrary web script or HTML via the conf...

4.8CVSS5.3AI score0.00511EPSS
CVE
CVE
added 2020/04/15 11:50 a.m.49 views

CVE-2020-7261

CVE-2020-7261 affects McAfee Endpoint Security (ENS) in the AMSI component. A buffer overflow via environment variables in ENS prior to 10.7.0 (February 2020 Update) can allow a local attacker to disable Endpoint Security by supplying crafted input. The vulnerability is limited to local access (a...

6.1CVSS5.7AI score0.00248EPSS
CVE
CVE
added 2020/04/15 11:35 a.m.49 views

CVE-2020-7273

CVE-2020-7273 concerns McAfee Endpoint Security (ENS) for Windows, where the autorun start-up protection occasionally fails to constrain access via ACLs in the autorun key. The vulnerability allows a local user to delete or rename programs in the autorun key by manipulating parameters, as describ...

6.7CVSS6.1AI score0.00247EPSS
CVE
CVE
added 2020/04/15 12:45 p.m.48 views

CVE-2020-7255

CVE-2020-7255 is a local privilege-escalation vulnerability in the administrative UI of McAfee Endpoint Security (ENS) for Windows , affected in versions prior to 10.7.0 February 2020 Update . The issue arises because ENS does not properly check user permissions when editing configuration via the...

4.4CVSS5.4AI score0.00234EPSS
CVE
CVE
added 2020/09/09 9:30 a.m.48 views

CVE-2020-7322

CVE-2020-7322 affects McAfee Endpoint Security (ENS) for Windows prior to version 10.7.0. The issue is an information-disclosure in which sensitive data could be exposed via incorrect logging of sensitive information in debug logs. Affected product: ENS for Windows; root cause: improper logging. ...

4.7CVSS4.5AI score0.00246EPSS
CVE
CVE
added 2020/04/15 9:25 a.m.47 views

CVE-2020-7278

McAfee Endpoint Security (ENS) Firewall for Windows is affected by CVE-2020-7278 due to an access-control rule handling flaw. The issue arises in ENS versions prior to 10.7.0 (Feb 2020/April 2020 updates) and 10.6.1 (April 2020 update), where pre-existing firewall rules are not properly enforced ...

7.4CVSS6.8AI score0.00636EPSS
CVE
CVE
added 2020/04/15 12:0 p.m.46 views

CVE-2020-7257

CVE-2020-7257 is a local privilege-escalation in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update. The vulnerability arises from symbolic-link manipulation that can let an authenticated local user alter files they normally lack permission to modify, specifically whe...

8.4CVSS6.9AI score0.00252EPSS
CVE
CVE
added 2019/02/28 4:0 p.m.44 views

CVE-2019-3582

CVE-2019-3582 affects McAfee Endpoint Security (ENS) Windows client up to and including version 10.6.1. The connected sources consistently describe a local privilege escalation vulnerability in the Windows client, but do not provide detailed root cause, affected subcomponents, or exact vulnerable...

8.6CVSS7.8AI score0.00382EPSS
CVE
CVE
added 2019/05/15 3:48 p.m.44 views

CVE-2019-3586

CVE-2019-3586 affects McAfee Endpoint Security (ENS) Firewall in the 10.x line prior to 10.6.1. The issue is a protection mechanism failure where GTI-reputation-based decisions do not block connections from IPs flagged by GTI, allowing context-dependent attackers to bypass ENS protections via spe...

7.5CVSS7.5AI score0.00761EPSS
CVE
CVE
added 2020/09/09 9:15 a.m.40 views

CVE-2020-7320

The CVE-2020-7320 issue affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0. It is described as a Protection Mechanism Failure that lets a local administrator temporarily degrade detection by stopping certain Microsoft services, enabling malware that would otherwise be detected to ...

7.3CVSS6.5AI score0.00258EPSS