Описание
Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.1:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.2:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:*:*:*:*:windows:*:*
EPSS
Процентиль: 11%
0.00039
Низкий
6.5 Medium
CVSS3
6.7 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-264
CWE-732
Связанные уязвимости
CVSS3: 6.7
github
больше 3 лет назад
Improper access control vulnerability in ESConfigTool.exe in ENS for Windows all current versions allows a local administrator to alter the ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.
EPSS
Процентиль: 11%
0.00039
Низкий
6.5 Medium
CVSS3
6.7 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-264
CWE-732