mcafee endpoint-security CVE-2020-7322 is a vulnerability in McAfee Endpoint Security
Published on September 9, 2020

Exposure of Sensitive Information in ENS for Windows
Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.

NVD

Vulnerability Analysis

CVE-2020-7322 is exploitable with local system access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
HIGH
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.


Products Associated with CVE-2020-7322

Want to know whenever a new CVE is published for McAfee Endpoint Security? stack.watch will email you.

McAfee Endpoint Security
 

Affected Versions

McAfee LLC Endpoint Security for Windows:

Exploit Probability

EPSS
0.06%
Percentile
18.36%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.