CVE-2020-7308 MEDIUM

CVE-2020-7308: Transmission of data in clear text by McAfee ENS

Vendor Mcafee,Llc
Product McAfee Endpoint Security (ENS) for WIndows
Weakness CWE-319 · Cleartext transmission
Published April 15, 2021
Last update August 4, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.

Key dates

02Disclosure timeline

April 15, 2021 CVE published
August 4, 2024 Record updated