CVE-2020-7263
MEDIUMMcafee Endpoint Security - Incorrect Permission Assignment
Title source: ruleDescription
Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10314
Scores
CVSS v3
6.5
EPSS
0.0004
EPSS Percentile
11.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
CWE-732
Status
published
Products (9)
mcafee/endpoint_security
10.5.0
mcafee/endpoint_security
10.5.1
mcafee/endpoint_security
10.5.2
mcafee/endpoint_security
10.5.3
mcafee/endpoint_security
10.5.4
mcafee/endpoint_security
10.5.5
mcafee/endpoint_security
10.6.0
mcafee/endpoint_security
10.6.1
mcafee/endpoint_security
10.7.0
Published
Apr 01, 2020
Tracked Since
Feb 18, 2026