CVE-2020-7251Improperly Implemented Security Check for Standard in LLC Mcafee Endpoint Security

CWE-358Improperly Implemented Security Check for StandardCWE-863Incorrect Authorization3 documents3 sources
Severity
5.5MEDIUMNVD
CNA5.0
EPSS
0.1%
top 68.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Endpoint SecurityMcafee Endpoint Security
Timeline
PublishedFeb 14
Latest updateMay 24

Description

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5mcafee_llc/mcafee_endpoint_security10.6.x10.6.1 February 2020 update

🔴Vulnerability Details

2
GHSA
GHSA-5qr7-8ch4-q94w: Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 102022-05-24
CVEList
ESConfig Tool able to edit configuration for newer version2020-02-14
CVE-2020-7251 — MEDIUM severity | cvebase