CVE-2020-7263Incorrect Permission Assignment in LLC Endpoint Security FOR Window

CWE-264CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
6.7MEDIUMNVD
CNA6.5
EPSS
0.0%
top 88.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Endpoint Security FOR WindowMcafee Endpoint Security
Timeline
PublishedApr 1
Latest updateMay 24

Description

Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5mcafee_llc/endpoint_security_for_window10.7.xENS 10.7.0 July 2020 Update+1
NVDmcafee/endpoint_security9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-h6wp-xwgx-g8g4: Improper access control vulnerability in ESConfigTool2022-05-24
CVEList
ENS configuration can be edited by attacker with local administrator permissions2020-04-01

💬Community

1
Bugzilla
CVE-2018-7263 libmad: Double-free in the mad_decoder_run() function2018-02-21
CVE-2020-7263 — Incorrect Permission Assignment | cvebase