CVE-2020-7308

CWE-319Cleartext Transmission4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 74.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee,llc Mcafee Endpoint Security (ens) FOR WindowsMcafee Endpoint Security
Timeline
PublishedApr 15
Latest updateMay 24

Description

Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages2 packages

CVEListV5mcafee,llc/mcafee_endpoint_security_(ens)_for_windowsunspecified10.7.0 February 2021 Update

🔴Vulnerability Details

2
GHSA
GHSA-xhp8-xqff-cr9g: Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 102022-05-24
CVEList
Transmission of data in clear text by McAfee ENS2021-04-15
CVE-2020-7308 (MEDIUM CVSS 6.5) | Cleartext Transmission of Sensitive | cvebase.io