CVE-2020-7308

Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mcafee:endpoint_security:*:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:-:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:april_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:december_2018:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:december_2019:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:february_2019:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:february_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:july_2019:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:july_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:may_2019:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:november_2018:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:november_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:october_2019:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.6.1:september_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:february_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:july_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:november_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:september_2020:*:*:*:windows:*:*

History

21 Nov 2024, 05:37

Type Values Removed Values Added
CVSS v2 : 6.4
v3 : 6.5
v2 : 6.4
v3 : 4.8
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10354 - Broken Link, Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10354 - Broken Link, Vendor Advisory

16 Nov 2023, 14:22

Type Values Removed Values Added
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10354 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10354 - Broken Link, Vendor Advisory
CWE CWE-319

07 Nov 2023, 03:25

Type Values Removed Values Added
CWE CWE-319
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10354 - Patch, Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10354 -

Information

Published : 2021-04-15 08:15

Updated : 2024-11-21 05:37


NVD link : CVE-2020-7308

Mitre link : CVE-2020-7308

CVE.ORG link : CVE-2020-7308


JSON object : View

Products Affected

mcafee

  • endpoint_security
CWE
CWE-319

Cleartext Transmission of Sensitive Information