CVE-2020-7251 MEDIUM

CVE-2020-7251: ESConfig Tool able to edit configuration for newer version

Vendor Mcafee, Llc
Product Mcafee Endpoint Security (ENS)
Weakness CWE-358
Published February 14, 2020
Last update August 4, 2024

CVSS base score

5.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.

Key dates

02Disclosure timeline

February 14, 2020 CVE published
August 4, 2024 Record updated