Описание
Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.1:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.2:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*
EPSS
Процентиль: 14%
0.00046
Низкий
6.4 Medium
CVSS3
6.7 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-287
CWE-287
Связанные уязвимости
github
больше 3 лет назад
Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.
EPSS
Процентиль: 14%
0.00046
Низкий
6.4 Medium
CVSS3
6.7 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-287
CWE-287