admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Publish CVE-2020-7263

Browse Source 
SB is live
This commit is contained in:
Swayam Sarangi 2020-04-01 12:07:46 +05:30 committed by GitHub
parent cd2adef555
commit 52066d16d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 90 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
2020/7xxx/CVE-2020-7263.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2020-03-31T00:00:00.000Z",
"ID": "CVE-2020-7263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Attacker can edit the ENS configuration with local administrator permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Endpoint Security (ENS) for Windows",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.x",
"version_value": " 10.7.0 February 2020 Update"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits Donny Maasland from Fox-IT for reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in ESConfigTool.exe in ENS for Windows all current versions allows a local administrator to alter the ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import."
}
]
}
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10314",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10314"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "For ENS installations that ePO manages, you can enable 'Standard access' or 'Lock client Interface' for all your installations centrally. This configuration is done through the Policy Catalog. For ENS installations that ePO does not manage, you can enable 'Standard access' or 'Lock client Interface' through the local control User Interface for each installation. These are detailed out in the security bulletin."
}
]
}