CVE-2020-7251

Published: Feb 14, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.

Affected (1)

Products: Mcafee: Endpoint Security

1 product

Endpoint Security

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Endpoint Security	Before 10.6.1

Related CWEs

Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10299

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10299

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.