PT-2020-19499 · Mcafee · Mcafee Endpoint Security

Published

2020-02-14

Updated

2020-02-27

CVE-2020-7251

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions McAfee Endpoint Security (ENS) versions prior to 10.6.1 February 2020 Update

Description The issue is related to an improper access control vulnerability in the Configuration Tool of McAfee Endpoint Security (ENS). This vulnerability allows local users to disable security features by making unauthorized use of the configuration tool from older versions of ENS.

Recommendations For versions prior to 10.6.1 February 2020 Update, update to the February 2020 Update or a later version to resolve the issue. As a temporary workaround, consider restricting access to the Configuration Tool to prevent unauthorized use.

Fix

Incorrect Authorization

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-358

Related Identifiers

CVE-2020-7251

Affected Products

Mcafee Endpoint Security

PT-2020-19499 · Mcafee · Mcafee Endpoint Security

CVE-2020-7251

Weakness Enumeration

Related Identifiers

Affected Products

References · 3