CVE-2020-7328 Vulnerability Details

  /     /     /  

CVE-2020-7328 Metadata Quick Info

CVE Published: 11/11/2020 | CVE Updated: 17/09/2024 | CVE Year: 2020
Source: trellix | Vendor: McAfee, LLC | Product: MVISION Endpoint ePO extension
Status : PUBLISHED

---

CVE-2020-7328 Description

External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.

Metrics

CVSS Version: 3.1 | Base Score: 7.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-918
CWE Name: CWE-918 Server-Side Request Forgery (SSRF)
Source: McAfee, LLC

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).