Dear All,
We are running ENS 10.6.1 and we are aware that it should be upgraded with the July update; however, can anyone help me understand its severity? I mean, put it in layman's terms, so that it will be helpful for me to proceed further to take the required actions.
Also help me understand more about CVE-2020-7264 too.
TIA,
Venu
Hello @vnaidu
Thanks for your post.
Please refer to the below KB article, which has all the information in regard to CVE-2020-7264:
https://kc.mcafee.com/corporate/index?page=content&id=SB10316
https://kc.mcafee.com/corporate/index?page=content&id=SNS2420&locale=en_US
Was my reply helpful?
If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a solution" if this reply resolves your query!
Dear @vivs ,
I have read the article, however I would like to know what is the current status of the versions if not upgraded and what is the status if it is upgraded to the recommended versions or hotfixes. I would like to know the severity and the status.
Can you please explain it to me in detail?
Regards,
Venu
Thank you for sharing your concerns.
Below is the impact and severity rating for CVE-2020-7263:
Impact of Vulnerability: Permissions, Privileges, and Access Controls – CWE-264
CVE ID: CVE-2020-7263
Severity Rating: Medium
CVSS v3 Base/Temporal Scores: 6.5 / 5.4
Recommendations: Update to one of the following Endpoint Security (ENS) versions:
ENS offers the ability for a local administrator to export the configuration being enforced. The encryption key used is common across multiple versions of ENS, allowing a malicious actor with local administrator rights to export the configuration and decrypt it. The actor can then use a text editor to alter the configuration, including disabling several ENS features. It is possible to then encrypt the modified configuration and ask ENS to import it. This configuration would then be applied, potentially disabling all protection on the system.
The ENS July 2020 Update introduces a new Access Protection rule "Unauthorized execution of EsConfigTool" that is enabled by default. Administrators can disable the rule if they want to run the tool to export or import policies locally. They then need to re-enable the rule after use of the tool.
Improper access control vulnerability in ESConfigTool.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 July 2020 Update allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.
Please, let me know if the above information helps!
Hello @vnaidu
Thanks for your response.
Please check the below information:
https://kc.mcafee.com/corporate/index?page=content&id=SB10314
Impact of Vulnerability: Permissions, Privileges, and Access Controls – CWE-264
CVE ID: CVE-2020-7263
Severity Rating: Medium
CVSS v3 Base/Temporal Scores: 6.5 / 5.4
Recommendations: Update to one of the following Endpoint Security (ENS) versions:
ENS offers the ability for a local administrator to export the configuration being enforced. The encryption key used is common across multiple versions of ENS, allowing a malicious actor with local administrator rights to export the configuration and decrypt it. The actor can then use a text editor to alter the configuration, including disabling several ENS features. It is possible to then encrypt the modified configuration and ask ENS to import it. This configuration would then be applied, potentially disabling all protection on the system.
The ENS July 2020 Update introduces a new Access Protection rule "Unauthorized execution of EsConfigTool" that is enabled by default. Administrators can disable the rule if they want to run the tool to export or import policies locally. They then need to re-enable the rule after use of the tool.
ENS offers the ability to lock the client interface, and to require a password when exporting and importing configuration. McAfee recommends that both features are enabled. Steps to enable these options are described in the Workaround section (SB10314).
CVE-2020-7263 – ENS configuration can be edited by attacker with local administrator permissions
Improper access control vulnerability in ESConfigTool.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 July 2020 Update allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.
I hope that the above information will help you.
Was my reply helpful?
If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a solution" if this reply resolves your query!
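One way to check whether the tool named in the advisory text above has been run on endpoints, as an added example that is not part of the thread or McAfee's own code: it scans process-creation events for ESConfigTool.exe and marks launches by accounts outside an approved list. The Sysmon-style field names, the approved-account list, the sample events and the assumption that the binary's OriginalFileName equals its file name are all assumptions of this sketch.

```python
import json
from pathlib import PureWindowsPath

TOOL = "esconfigtool.exe"  # compared case-insensitively

# Constructed events shaped like Sysmon Event ID 1 (process creation) as JSON
# lines. Hosts, users and paths are made up; ENS-INSTALL-DIR is a placeholder.
SAMPLE_EVENTS = r"""
{"UtcTime": "2020-08-03 09:12:44", "Computer": "WS-01", "User": "CORP\\ens-admin", "Image": "C:\\ENS-INSTALL-DIR\\ESConfigTool.exe", "OriginalFileName": "ESConfigTool.exe"}
{"UtcTime": "2020-08-03 09:15:02", "Computer": "WS-01", "User": "CORP\\jdoe", "Image": "C:\\Windows\\System32\\notepad.exe", "OriginalFileName": "NOTEPAD.EXE"}
{"UtcTime": "2020-08-04 22:41:10", "Computer": "WS-02", "User": "WS-02\\localadmin", "Image": "c:\\ens-install-dir\\esconfigtool.exe"}
not-json
{"UtcTime": "2020-08-05 01:03:57", "Computer": "WS-03", "User": "WS-03\\localadmin", "Image": "C:\\Temp\\tool.exe", "OriginalFileName": "ESConfigTool.exe"}
"""


def is_config_tool(event):
    """True if the image name or the recorded OriginalFileName is the tool."""
    image = PureWindowsPath(event.get("Image") or "").name.lower()
    original = str(event.get("OriginalFileName") or "").lower()
    return TOOL in (image, original)


def find_config_tool_runs(log_text, approved_users=()):
    """Return one finding per launch of the tool, marking unapproved accounts."""
    approved = {u.lower() for u in approved_users}
    findings = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        if not isinstance(event, dict) or not is_config_tool(event):
            continue
        user = event.get("User", "")
        findings.append({
            "time": event.get("UtcTime", ""),
            "host": event.get("Computer", ""),
            "user": user,
            "image": event.get("Image", ""),
            "approved": user.lower() in approved,
        })
    return findings


def unapproved_hosts(findings):
    """Hosts where the tool was launched by an account not on the list."""
    return sorted({f["host"] for f in findings if not f["approved"]})


if __name__ == "__main__":
    for f in find_config_tool_runs(SAMPLE_EVENTS, {"CORP\\ens-admin"}):
        print("OK   " if f["approved"] else "ALERT", f["time"], f["host"], f["user"], f["image"])
```

Hosts this reports are the ones to check first for the July 2020 Update and for the client interface lock and export/import password recommended in SB10314.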