cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
vnaidu
MVP
Report Inappropriate Content
Message 1 of 6
‎09-07-2020 12:49 AM

CVE-2020-7263

Dear All,

We are running ENS 10.6.1 and we are aware that it should be upgraded with the july update, however can any one help me understand its severity. I mean put it in layman terms, so that it will be helpful for me to proceed further to take the required actions.

 

Also help me understand more about CVE-2020-7264 too.

 

TIA,

Venu

Venu
0 Kudos
Reply
5 Replies
vivs
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6
‎09-07-2020 06:11 AM

Re: CVE-2020-7263

Hello @vnaidu 

Thanks for your post.

Please refer the below KB article which is having all the information in regards to CVE 202-7264

https://kc.mcafee.com/corporate/index?page=content&id=SB10316

https://kc.mcafee.com/corporate/index?page=content&id=SNS2420&locale=en_US

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

 

0 Kudos
Reply
vnaidu
MVP
Report Inappropriate Content
Message 3 of 6
‎09-07-2020 08:13 PM

Re: CVE-2020-7263

Dear @vivs ,

I have read the article, however I would like to know what is the current status of the versions if not upgraded and what is the status if it is upgraded to the recommended versions or hotfixes. I  would like to know the severity and the status. 

Can you please explain me in detal.

Regards,

Venu

Venu
0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 4 of 6
‎09-08-2020 12:27 AM

Re: CVE-2020-7263

@vnaidu 

Thank you for sharing your concerns

Below is the impact and severity rating for CVE-2020-7263

 Impact of Vulnerability:Permissions, Privileges, and Access Controls – CWE-264
 CVE ID:CVE-2020-7263
 Severity Rating:Medium
 CVSS v3 Base/Temporal Scores:6.5 / 5.4
 Recommendations:Update to one of the following Endpoint Security (ENS) versions:
  • ENS 10.7.0 July 2020 Update
  • ENS 10.6.1 July 2020 Update

 

ENS offers the ability for a local administrator to export the configuration being enforced. The encryption key used is common across multiple versions of ENS, allowing a malicious actor with local administrator rights to export the configuration and decrypt it. The actor can then use a text editor to alter the configuration, including disabling several ENS features. It is possible to then encrypt the modified configuration and ask ENS to import it. This configuration would then be applied, potentially disabling all protection on the system.

The ENS July 2020 Update introduces a new Access Protection rule "Unauthorized execution of EsConfigTool" that is enabled by default. Administrators can disable the rule if they want to run the tool to export or import policies locally. They then need to re-enable the rule after use of the tool.

Improper access control vulnerability in ESConfigTool.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 July 2020 Update allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.

Please, let me know if the above information helps! 

0 Kudos
Reply
amit_naidu
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 6
‎09-08-2020 12:46 AM

Re: CVE-2020-7263

@vnaidu 

 

Thank you for sharing your concerns

Below is the impact and severity rating for CVE-2020-7263

 Impact of Vulnerability: Permissions, Privileges, and Access Controls – CWE-264
 CVE ID: CVE-2020-7263
 Severity Rating: Medium
 CVSS v3 Base/Temporal Scores: 6.5 / 5.4
 Recommendations: Update to one of the following Endpoint Security (ENS) versions:
  • ENS 10.7.0 July 2020 Update
  • ENS 10.6.1 July 2020 Update

 

ENS offers the ability for a local administrator to export the configuration being enforced. The encryption key used is common across multiple versions of ENS, allowing a malicious actor with local administrator rights to export the configuration and decrypt it. The actor can then use a text editor to alter the configuration, including disabling several ENS features. It is possible to then encrypt the modified configuration and ask ENS to import it. This configuration would then be applied, potentially disabling all protection on the system.

The ENS July 2020 Update introduces a new Access Protection rule "Unauthorized execution of EsConfigTool" that is enabled by default. Administrators can disable the rule if they want to run the tool to export or import policies locally. They then need to re-enable the rule after use of the tool.

Improper access control vulnerability in ESConfigTool.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 July 2020 Update allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.

Please, let me know if the above information helps! 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Amit N
0 Kudos
Reply
vivs
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6
‎09-08-2020 03:44 AM

Re: CVE-2020-7263

Hello @vnaidu 

Thanks for your response.

Please check the below information:

https://kc.mcafee.com/corporate/index?page=content&id=SB10314

 Impact of Vulnerability: Permissions, Privileges, and Access Controls – CWE-264
 CVE ID: CVE-2020-7263
 Severity Rating: Medium
 CVSS v3 Base/Temporal Scores: 6.5 / 5.4
 Recommendations: Update to one of the following Endpoint Security (ENS) versions:
  • ENS 10.7.0 July 2020 Update
  • ENS 10.6.1 July 2020 Update

 

ENS offers the ability for a local administrator to export the configuration being enforced. The encryption key used is common across multiple versions of ENS, allowing a malicious actor with local administrator rights to export the configuration and decrypt it. The actor can then use a text editor to alter the configuration, including disabling several ENS features. It is possible to then encrypt the modified configuration and ask ENS to import it. This configuration would then be applied, potentially disabling all protection on the system.

The ENS July 2020 Update introduces a new Access Protection rule "Unauthorized execution of EsConfigTool" that is enabled by default. Administrators can disable the rule if they want to run the tool to export or import policies locally. They then need to re-enable the rule after use of the tool.

ENS offers the ability to lock the client interface, and to require a password when exporting and importing configuration. McAfee recommends that both features are enabled. Steps to enable these options are described in the Workaround section (SB10314).

CVE-2020-7263 – ENS configuration can be edited by attacker with local administrator permissions
Improper access control vulnerability in ESConfigTool.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 July 2020 Update allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.

I hope that the above information will help you.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC