CVE-2020-7278

Summary

Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates.

Affected Software

VendorProductVersion RangeStatus
McAfee LLCMcAfee Endpoint Security (ENS)10.7.x < 10.7.0 April 2020 Updateaffected
McAfee LLCMcAfee Endpoint Security (ENS)10.6.x < 10.6.1 April 2020 Updateaffected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References