CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7322 – Exposure of Sensitive Information in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7322
09 Sep 2020 — Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. Una vulnerabilidad de divulgación de información en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Actualización de Septiembre de 2020, permite a usuarios locales obtener acceso a información confidencial mediante el registro incorrecto de i... • https://kc.mcafee.com/corporate/index?page=content&id=SB10327 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7319 – Improper Access Control Vulnerability in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7319
09 Sep 2020 — Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. Una vulnerabilidad de Control de Acceso Inapropiado en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Actualización de Septiembre de 2020, permite a usuarios locales acceder a archivos a l... • https://kc.mcafee.com/corporate/index?page=content&id=SB10327 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7320 – Protection Mechanism Failure in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7320
09 Sep 2020 — Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. Una vulnerabilidad de Fallo del Mecanismo de Protección en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Actualización de Septiembre de 2020, permite al administrador local reducir temporalmente la c... • https://kc.mcafee.com/corporate/index?page=content&id=SB10327 • CWE-693: Protection Mechanism Failure •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7265 – Privilege Escalation vulnerability through symbolic links in ENSM
https://notcve.org/view.php?id=CVE-2020-7265
08 May 2020 — Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. Una vulnerabilidad de Escalada de Privilegios en McAfee Endpoint Security (ENS) para Mac versiones anteriores a 10.6.9, permite a usuarios locales eliminar archivos... • https://kc.mcafee.com/corporate/index?page=content&id=SB10316 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7264 – Privilege Escalation vulnerability through symbolic links in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7264
08 May 2020 — Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. Una vulnerabilidad de Escalada de Privilegios en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Hotfix 199847, permite ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10316 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0CVE-2020-7263 – ENS configuration can be edited by attacker with local administrator permissions
https://notcve.org/view.php?id=CVE-2020-7263
01 Apr 2020 — Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. Una vulnerabilidad de control de acceso inapropiado en el archivo ESConfigTool.exe en McAfee Endpoint Security (ENS) para Windows, todas las versiones actuales permite a un administrador local al... • https://kc.mcafee.com/corporate/index?page=content&id=SB10314 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3653 – ESConfig Tool access not controlled
https://notcve.org/view.php?id=CVE-2019-3653
09 Oct 2019 — Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool. Una vulnerabilidad de control de acceso inapropiada en la herramienta de Configuración en McAfee Endpoint Security (ENS) versiones anteriores a 10.6.1 Update de octubre 2019, permite al usuario local conseguir acceso a la configuración de seguridad mediante el uso no autoriz... • https://kc.mcafee.com/corporate/index?page=content&id=SB10299 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-3652 – ENS code injection in EPSetup.exe
https://notcve.org/view.php?id=CVE-2019-3652
09 Oct 2019 — Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer. Una vulnerabilidad de inyección de código en el archivo EPSetup.exe en McAfee Endpoint Security (ENS) versiones anteriores a 10.6.1 Update de octubre 2019, permite al usuario local obtener su código malicioso instalado mediante el instalado... • https://kc.mcafee.com/corporate/index?page=content&id=SB10299 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-8461
https://notcve.org/view.php?id=CVE-2019-8461
29 Aug 2019 — Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user. Check Point Endpoint Security Initial Client para Windows versión anterior a E81.30, intenta cargar una biblioteca DLL localizada en cualquier ubicación de RUTA (PATH) en una imagen limp... • https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM • CWE-114: Process Control CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3586 – McAfee Endpoint Security firewall not always acting on GTI lookup results
https://notcve.org/view.php?id=CVE-2019-3586
15 May 2019 — Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection. Una falla del mecanismo de protección en el Firewall en McAfee Endpoint Security (ENS) 10.x anterior a 1... • http://www.securityfocus.com/bid/108416 • CWE-693: Protection Mechanism Failure •