ESConfigTool.exe Incorrect Permission Assignment for Critical Resource Vulnerability

Summary

ENS offers the ability for a local administrator to export the configuration being enforced. The encryption key used is common across multiple versions of ENS, allowing a malicious actor with local administrator rights to export the configuration and decrypt it. The actor can then use a text editor to alter the configuration, including disabling several ENS features. It is possible to then encrypt the modified configuration and ask ENS to import it. This configuration would then be applied, potentially disabling all protection on the system.

Credit:

The information has been provided by Donny Maasland.

The original article can be found at: https://kc.mcafee.com/corporate/index?page=content&id=SB10314

Details

An improper access control vulnerability in ESConfigTool.exe in ENS for Windows (all current versions) allows a local administrator to alter the ENS configuration, up to and including disabling all protection offered by ENS, because the encryption of the configuration for export and import is insecurely implemented.
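For detection, the export, edit and re-import sequence described in the summary can be looked for in process-creation telemetry. The following is an added example, not code from the advisory or the vendor: it assumes events are available as records with `ts`, `host`, `user`, `image` and `cmd` fields (hypothetical names), that the tool is invoked with `/export` and `/import` switches, and that a 24-hour correlation window is appropriate.

```python
import re
from datetime import datetime, timedelta

TOOL = "esconfigtool.exe"  # binary named in the advisory
# Assumption: export/import are requested with /export or /import switches.
ACTION = re.compile(r"(?i)(?:^|\s)[/-](export|import)\b")
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample events; hosts, users, paths and field names are hypothetical.
EVENTS = [
    {"ts": "2020-04-02T09:12:40", "host": "WS-01", "user": "admin1",
     "image": r"C:\constructed\ESConfigTool.exe", "cmd": r"ESConfigTool.exe /import C:\Temp\cfg.xml"},
    {"ts": "2020-04-02T09:00:05", "host": "WS-01", "user": "admin1",
     "image": r"C:\constructed\ESConfigTool.exe", "cmd": r"ESConfigTool.exe /export C:\Temp\cfg.xml"},
    {"ts": "2020-04-02T09:30:00", "host": "WS-03", "user": "user7",
     "image": r"C:\Windows\notepad.exe", "cmd": r"notepad.exe export.txt"},
    {"ts": "2020-04-02T10:30:00", "host": "WS-02", "user": "admin2",
     "image": r"C:\constructed\ESConfigTool.exe", "cmd": r"ESConfigTool.exe /import D:\policy.xml"},
]

def classify(event):
    """Return 'export', 'import' or 'other' for the tool, None for anything else."""
    name = event["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name != TOOL:
        return None
    match = ACTION.search(event["cmd"])
    return match.group(1).lower() if match else "other"

def find_alerts(events, window=WINDOW):
    """Flag tool runs; an import soon after an export on the same host is 'high'."""
    last_export = {}  # host -> time of the most recent export seen
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        action = classify(ev)
        if action is None:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        severity = "low" if action == "other" else "medium"
        if action == "export":
            last_export[ev["host"]] = ts
        elif action == "import":
            prev = last_export.get(ev["host"])
            if prev is not None and ts - prev <= window:
                severity = "high"  # export followed by import: the advisory's sequence
        alerts.append((ev["host"], ev["ts"], action, severity))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(alert)
```
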

Vulnerable Systems:

ESConfigTool.exe

CVE Information:

CVE-2020-7263

Disclosure Timeline:
Published Date: 4/1/2020
