@vnaidu 

Thank you for sharing your concerns

Below is the impact and severity rating for CVE-2020-7263

ENS offers the ability for a local administrator to export the configuration being enforced. The encryption key used is common across multiple versions of ENS, allowing a malicious actor with local administrator rights to export the configuration and decrypt it. The actor can then use a text editor to alter the configuration, including disabling several ENS features. It is possible to then encrypt the modified configuration and ask ENS to import it. This configuration would then be applied, potentially disabling all protection on the system.

The ENS July 2020 Update introduces a new Access Protection rule "Unauthorized execution of EsConfigTool" that is enabled by default. Administrators can disable the rule if they want to run the tool to export or import policies locally. They then need to re-enable the rule after use of the tool.

Improper access control vulnerability in ESConfigTool.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 July 2020 Update allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.

Please, let me know if the above information helps! 

Hello @vnaidu 

Thanks for your response.

Please check the below information:

https://kc.mcafee.com/corporate/index?page=content&id=SB10314

ENS offers the ability for a local administrator to export the configuration being enforced. The encryption key used is common across multiple versions of ENS, allowing a malicious actor with local administrator rights to export the configuration and decrypt it. The actor can then use a text editor to alter the configuration, including disabling several ENS features. It is possible to then encrypt the modified configuration and ask ENS to import it. This configuration would then be applied, potentially disabling all protection on the system.

The ENS July 2020 Update introduces a new Access Protection rule "Unauthorized execution of EsConfigTool" that is enabled by default. Administrators can disable the rule if they want to run the tool to export or import policies locally. They then need to re-enable the rule after use of the tool.

ENS offers the ability to lock the client interface, and to require a password when exporting and importing configuration. McAfee recommends that both features are enabled. Steps to enable these options are described in the Workaround section (SB10314).

CVE-2020-7263 – ENS configuration can be edited by attacker with local administrator permissions
Improper access control vulnerability in ESConfigTool.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 July 2020 Update allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.

I hope that the above information will help you.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!