CVE-2021-23878 HIGH

CVE-2021-23878: Clear text storage of sensitive Information in ENS

Vendor Mcafee Llc
Product Endpoint Security (ENS) for Windows
Weakness CWE-312 · Cleartext storage
Published February 10, 2021
Last update September 16, 2024

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine

Key dates

02Disclosure timeline

February 10, 2021 CVE published
September 16, 2024 Record updated