cnvd - cnvd-2021-12620

cnvd-2021-12620

Vulnerability from cnvd

Title: McAfee Endpoint Security信息泄露漏洞

Description:

McAfee Endpoint Security (ENS)是McAfee的防病毒产品，可提供全面的网络安全威胁防护。

McAfee Endpoint Security Windows版存在敏感信息明文存储漏洞。攻击者可利用该漏洞在ENS管理员执行特定操作后通过访问进程内存来查看ENS设置和凭据。

Severity: 中

Patch Name: McAfee Endpoint Security信息泄露漏洞的补丁

Patch Description:

McAfee Endpoint Security (ENS)是McAfee的防病毒产品，可提供全面的网络安全威胁防护。

McAfee Endpoint Security Windows版存在敏感信息明文存储漏洞。攻击者可利用该漏洞在ENS管理员执行特定操作后通过访问进程内存来查看ENS设置和凭据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://kc.mcafee.com/corporate/index?page=content&id=SB10345

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-23878

Impacted products

Name
McAfee Endpoint Security（ENS）for Windows <10.7.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-23878",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-23878"
    }
  },
  "description": "McAfee Endpoint Security (ENS)\u662fMcAfee\u7684\u9632\u75c5\u6bd2\u4ea7\u54c1\uff0c\u53ef\u63d0\u4f9b\u5168\u9762\u7684\u7f51\u7edc\u5b89\u5168\u5a01\u80c1\u9632\u62a4\u3002\n\nMcAfee Endpoint Security Windows\u7248\u5b58\u5728\u654f\u611f\u4fe1\u606f\u660e\u6587\u5b58\u50a8\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728ENS\u7ba1\u7406\u5458\u6267\u884c\u7279\u5b9a\u64cd\u4f5c\u540e\u901a\u8fc7\u8bbf\u95ee\u8fdb\u7a0b\u5185\u5b58\u6765\u67e5\u770bENS\u8bbe\u7f6e\u548c\u51ed\u636e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10345",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-12620",
  "openTime": "2021-02-25",
  "patchDescription": "McAfee Endpoint Security (ENS)\u662fMcAfee\u7684\u9632\u75c5\u6bd2\u4ea7\u54c1\uff0c\u53ef\u63d0\u4f9b\u5168\u9762\u7684\u7f51\u7edc\u5b89\u5168\u5a01\u80c1\u9632\u62a4\u3002\r\n\r\nMcAfee Endpoint Security Windows\u7248\u5b58\u5728\u654f\u611f\u4fe1\u606f\u660e\u6587\u5b58\u50a8\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728ENS\u7ba1\u7406\u5458\u6267\u884c\u7279\u5b9a\u64cd\u4f5c\u540e\u901a\u8fc7\u8bbf\u95ee\u8fdb\u7a0b\u5185\u5b58\u6765\u67e5\u770bENS\u8bbe\u7f6e\u548c\u51ed\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Endpoint Security\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "McAfee Endpoint Security\uff08ENS\uff09for Windows \u003c10.7.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-23878",
  "serverity": "\u4e2d",
  "submitTime": "2021-02-22",
  "title": "McAfee Endpoint Security\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2021-23878 (GCVE-0-2021-23878)

Vulnerability from cvelistv5

Published

2021-02-10 09:10

Modified

2024-09-16 19:41

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-312 - Cleartext storage of sensitive information

Summary

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine

References

▼	URL	Tags
	https://kc.mcafee.com/corporate/index?page=content&id=SB10345	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	McAfee LLC	Endpoint Security (ENS) for Windows	Version: 10.7.x < 10.7.0 February 2021

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:09.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10345"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Endpoint Security (ENS) for Windows",
          "vendor": "McAfee LLC",
          "versions": [
            {
              "lessThan": "10.7.0 February 2021",
              "status": "affected",
              "version": "10.7.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lockheed Martin Red Team"
        }
      ],
      "datePublic": "2021-02-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312: Cleartext storage of sensitive information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-10T09:10:14",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10345"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Clear text storage of sensitive Information in ENS",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "DATE_PUBLIC": "2021-02-10T00:00:00.000Z",
          "ID": "CVE-2021-23878",
          "STATE": "PUBLIC",
          "TITLE": "Clear text storage of sensitive Information in ENS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Endpoint Security (ENS) for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.7.x",
                            "version_value": "10.7.0 February 2021"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee LLC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Lockheed Martin Red Team"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-312: Cleartext storage of sensitive information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10345",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10345"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2021-23878",
    "datePublished": "2021-02-10T09:10:14.580381Z",
    "dateReserved": "2021-01-12T00:00:00",
    "dateUpdated": "2024-09-16T19:41:11.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted