CVE-2020-7251

MEDIUM

McAfee ENS <10.6.1 - Info Disclosure

Title source: llm

Description

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10299

Scores

CVSS v3 5.0

EPSS 0.0012

EPSS Percentile 30.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

Details

CWE

CWE-358 CWE-863

Status published

Products (1)

mcafee/endpoint_security < 10.6.1

Published Feb 14, 2020

Tracked Since Feb 18, 2026