Lucene search

TrellixCVELIST:CVE-2020-7293

HistorySep 15, 2020 - 10:50 p.m.

CVE-2020-7293 Web Gateway (MWG) - Privilege Escalation vulnerability

2020-09-1522:50:13

CWE-287

trellix

www.cve.org

9 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system’s root password via improper access controls in the user interface.

CNA Affected

[
  {
    "product": "McAfee Web Gateway (MWG)",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "9.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10323

9 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVELIST:CVE-2020-7293