Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-7308

Опубликовано: 15 апр. 2021
Источник: nvd
CVSS3: 4.8
CVSS3: 6.5
CVSS2: 6.4
EPSS Низкий

Описание

Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mcafee:endpoint_security:*:*:*:*:*:windows:*:*
Версия до 10.6.1 (включая)
cpe:2.3:a:mcafee:endpoint_security:10.6.1:-:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:april_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:december_2018:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:december_2019:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:february_2019:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:february_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:july_2019:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:july_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:may_2019:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:november_2018:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:november_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:october_2019:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:september_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:february_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:july_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:november_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:september_2020:*:*:*:windows:*:*

EPSS

Процентиль: 26%
0.00091
Низкий

4.8 Medium

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-319
CWE-319

Связанные уязвимости

github логотип

GHSA-xhp8-xqff-cr9g

CVSS3: 6.5
github
больше 3 лет назад

Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.

EPSS

Процентиль: 26%
0.00091
Низкий

4.8 Medium

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-319
CWE-319