CVE-2020-7263

Published Apr 1, 2020

Last updated a year ago

Overview

Description: Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.
Source: trellixpsirt@trellix.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-732
trellixpsirt@trellix.com: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AC514CA-D094-433D-9561-99048D43902F"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.1:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B7AE3E9-DDCE-4119-B57D-B3D471E05B16"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.2:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "603FE358-FADA-4FE6-B3F2-169D032A57E9"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66461D42-AE21-41B3-9FCB-3F6D09AC323E"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCC441CF-5EA0-41C1-AE15-6672FF20B73A"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6551AB4-1B0F-4EE3-8ED1-99413E3F19DD"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94732038-F35D-41AB-A550-E6F5FF9004DF"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.6.1:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D911059-4665-44AB-AE6A-E296A86F00AA"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.7.0:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D9F994B-0724-4351-8BF8-836A0A89837A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References