CVE-2020-7308


Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.


Published

2021-04-15T08:15:14.370

Last Modified

2024-11-21T05:37:02.140

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

  • Type: Secondary, CWE-319
  • Type: Primary, CWE-319

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application mcafee endpoint_security ≤ 10.6.1 Yes
Application mcafee endpoint_security 10.6.1 Yes
Application mcafee endpoint_security 10.7.0 Yes
