CVE-2020-7308
Last modified
CVE-2020-7308 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.. EPSS estimates a 0.51% chance of exploitation in the next 30 days.
Description
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mcafee | Endpoint Security | <= 10.6.1 | — |
| Mcafee | Endpoint Security | 10.6.1 | — |
| Mcafee | Endpoint Security | 10.7.0 | February 2020 |
References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10354Broken Link, Vendor Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10354Broken Link, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-7308?
How severe is CVE-2020-7308?
How do I fix CVE-2020-7308?
Are you affected by CVE-2020-7308?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST