CVE-2020-7263

MEDIUM Year: 2020
CVSS v3 Score
6.7
Medium
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-264
View all →

Vulnerability Description

Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.

Related Vulnerabilities

CVE-2014-3752

MEDIUM
CVSS:6.7(Medium)

The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.

CWE-2642014

CVE-2015-3321

MEDIUM
CVSS:6.7(Medium)

Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.

CWE-2642015

CVE-2015-4045

MEDIUM
CVSS:6.7(Medium)

The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.

CWE-2642015

CVE-2015-8660

MEDIUM
CVSS:6.7(Medium)

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and mo...

CWE-2642015

CVE-2016-0905

MEDIUM
CVSS:6.7(Medium)

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.

CWE-2642016

CVE-2016-0908

MEDIUM
CVSS:6.7(Medium)

EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.

CWE-2642016