CVE-2020-7278Improper Access Control in LLC Mcafee Endpoint Security

CWE-284Improper Access ControlCWE-862Missing Authorization3 documents3 sources
Severity
6.5MEDIUMNVD
CNA7.4
EPSS
0.2%
top 63.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Endpoint SecurityMcafee Endpoint Security
Timeline
PublishedApr 15
Latest updateMay 24

Description

Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5mcafee_llc/mcafee_endpoint_security10.7.x10.7.0 April 2020 Update+1
NVDmcafee/endpoint_security7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-988q-42c6-39xw: Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to2022-05-24
CVEList
McAfee firewall rules not enforced correctly2020-04-15
CVE-2020-7278 — Improper Access Control | cvebase