CVE-2020-7278
Last modified
CVE-2020-7278 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates.. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Endpoint Security | 10.5.0 |
| Mcafee | Endpoint Security | 10.5.1 |
| Mcafee | Endpoint Security | 10.5.2 |
| Mcafee | Endpoint Security | 10.5.3 |
| Mcafee | Endpoint Security | 10.5.4 |
| Mcafee | Endpoint Security | 10.5.5 |
| Mcafee | Endpoint Security | 10.6.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-7278?
How severe is CVE-2020-7278?
How do I fix CVE-2020-7278?
Are you affected by CVE-2020-7278?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST