ENS configuration can be edited by attacker with local administrator permissions
CVE-2020-7263

6.5MEDIUM

Key Information:

Vendor: Mcafee, Llc
Status: Endpoint Security (ens) For Window
Vendor: CVE Published:; 1 April 2020

Summary

Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.

Affected Version(s)

Endpoint Security (ENS) for Window 10.7.x

Endpoint Security (ENS) for Window 10.6.x

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2020
Vulnerability Reserved
Jan 21, 2020

Credit

McAfee credits Donny Maasland from Fox-IT for reporting this flaw.