CVE-2020-7308
Transmission of data in clear text by McAfee ENS
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.
Una transmisión de Texto Sin Cifrar de Información Confidencial entre McAfee Endpoint Security (ENS) para Windows anterior a versión 10.7.0 Update de Febrero de 2021 y los servidores de McAfee Global Threat Intelligence (GTI) que usan DNS permite a un atacante remoto visualizar unas peticiones de ENS y unas respuestas de GTI por medio de DNS. Al conseguir el control de un servidor DNS intermedio o alterar la configuración del DNS de la red, es posible a un atacante interceptar peticiones y enviar sus propias respuestas
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-21 CVE Reserved
- 2021-04-15 CVE Published
- 2024-04-18 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10354 | 2023-11-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | <= 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version " <= 10.6.1" | windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | april_2020, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | december_2018, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | december_2019, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | february_2019, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | february_2020, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | july_2019, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | july_2020, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | may_2019, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | november_2018, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | november_2020, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | october_2019, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.6.1 Search vendor "Mcafee" for product "Endpoint Security" and version "10.6.1" | september_2020, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.7.0 Search vendor "Mcafee" for product "Endpoint Security" and version "10.7.0" | february_2020, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.7.0 Search vendor "Mcafee" for product "Endpoint Security" and version "10.7.0" | july_2020, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.7.0 Search vendor "Mcafee" for product "Endpoint Security" and version "10.7.0" | november_2020, windows |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | 10.7.0 Search vendor "Mcafee" for product "Endpoint Security" and version "10.7.0" | september_2020, windows |
Affected
| ||||||