CVE-2020-7308

Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.

CVSS v3 4.8 MEDIUM
CVSS v2.0 6.4 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10354	Broken Link Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10354	Broken Link Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mcafee:endpoint_security::::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:-::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:april_2020::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:december_2018::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:december_2019::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:february_2019::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:february_2020::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:july_2019::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:july_2020::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:may_2019::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:november_2018::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:november_2020::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:october_2019::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.6.1:september_2020::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.7.0:february_2020::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.7.0:july_2020::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.7.0:november_2020::::windows::*
	cpe:2.3:a:mcafee:endpoint_security:10.7.0:september_2020::::windows::*

History

21 Nov 2024, 05:37

Type	Values Removed	Values Added
CVSS	v2 : ~~6.4~~ v3 : ~~6.5~~	v2 : 6.4 v3 : 4.8
References	~~() https://kc.mcafee.com/corporate/index?page=content&id=SB10354 - Broken Link, Vendor Advisory~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10354 - Broken Link, Vendor Advisory

16 Nov 2023, 14:22

Type	Values Removed	Values Added
References	~~() https://kc.mcafee.com/corporate/index?page=content&id=SB10354 -~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10354 - Broken Link, Vendor Advisory
CWE		CWE-319

07 Nov 2023, 03:25

Type	Values Removed	Values Added
CWE	~~CWE-319~~
References	~~(CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10354 - Patch, Vendor Advisory~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10354 -

Information

Published : 2021-04-15 08:15

Updated : 2024-11-21 05:37

NVD link : CVE-2020-7308

Mitre link : CVE-2020-7308

CVE.ORG link : CVE-2020-7308

JSON object : View

Products Affected

mcafee

endpoint_security

CWE

CWE-319

Cleartext Transmission of Sensitive Information

4.8 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-7308

4.8^/10

6.4^/10

Attach tags to `CVE-2020-7308`