PT-2020-19509 · McAfee · McAfee Endpoint Security (ENS) for Windows

Published: 2020-04-01 · Updated: 2022-06-02 · CVE-2020-7263

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: McAfee Endpoint Security (ENS) for Windows (affected versions not specified)

Description: The issue is an improper access control vulnerability in ESconfigTool.exe that allows a local administrator to alter the ENS configuration, potentially disabling all protection offered by ENS. It is caused by the insecure implementation of encryption for configuration export and import.

Recommendations: For all current versions of McAfee Endpoint Security (ENS) for Windows, consider restricting access to ESconfigTool.exe to prevent unauthorized configuration changes until a proper fix is implemented. As a temporary workaround, limit the privileges of local administrators to minimize the risk of exploitation. Avoid using the insecurely implemented encryption for configuration export and import in ESconfigTool.exe until the issue is resolved.

Fix

Incorrect Permission


Weakness Enumeration

Related Identifiers

CVE-2020-7263

Affected Products

McAfee Endpoint Security (ENS) for Windows