Details of VAR-202007-1254

ID

VAR-202007-1254

CVE

CVE-2020-7292

TITLE

McAfee Web Gateway Encoding and escaping vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008130

DESCRIPTION

Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL. McAfee Web Gateway (MWG) Exists in encoding and escaping vulnerabilities.Information may be tampered with. The product provides functions such as threat protection, application control, and data loss prevention. There is a security vulnerability in McAfee MWG versions prior to 9.2.1

Trust: 2.25

sources: NVD: CVE-2020-7292 // JVNDB: JVNDB-2020-008130 // CNVD: CNVD-2020-44910 // VULHUB: VHN-185417

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-44910

AFFECTED PRODUCTS

vendor:	mcafee	model:	web gateway	scope:	lt	version:	9.2.1	Trust: 1.6
vendor:	mcafee	model:	web gateway	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.8.2.22	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	9.0.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	8.2.9	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.8.0	Trust: 1.0
vendor:	マカフィー	model:	mcafee web gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	マカフィー	model:	mcafee web gateway	scope:	lt	version:	9.2.1	Trust: 0.8

sources: CNVD: CNVD-2020-44910 // JVNDB: JVNDB-2020-008130 // NVD: CVE-2020-7292

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7292
value:	MEDIUM
Trust: 1.0
trellixpsirt@trellix.com:	CVE-2020-7292
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-7292
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-44910
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202007-1033
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-185417
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-7292
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-44910
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-185417
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-7292
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-008130
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-44910 // VULHUB: VHN-185417 // JVNDB: JVNDB-2020-008130 // CNNVD: CNNVD-202007-1033 // NVD: CVE-2020-7292 // NVD: CVE-2020-7292

PROBLEMTYPE DATA

problemtype:	CWE-838	Trust: 1.1
problemtype:	Improper encoding or output escaping (CWE-116) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-185417 // JVNDB: JVNDB-2020-008130 // NVD: CVE-2020-7292

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1033

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-1033

PATCH

title:	SB10323	url:	https://kc.mcafee.com/corporate/index?page=content&id=SB10323	Trust: 0.8
title:	Patch for McAfee Web Gateway has an unspecified vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/229873	Trust: 0.6
title:	McAfee Web Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124113	Trust: 0.6

sources: CNVD: CNVD-2020-44910 // JVNDB: JVNDB-2020-008130 // CNNVD: CNNVD-202007-1033

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7292	Trust: 3.1
db:	MCAFEE	id:	SB10323	Trust: 2.3
db:	JVNDB	id:	JVNDB-2020-008130	Trust: 0.8
db:	CNVD	id:	CNVD-2020-44910	Trust: 0.7
db:	CNNVD	id:	CNNVD-202007-1033	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2425	Trust: 0.6
db:	VULHUB	id:	VHN-185417	Trust: 0.1

sources: CNVD: CNVD-2020-44910 // VULHUB: VHN-185417 // JVNDB: JVNDB-2020-008130 // CNNVD: CNNVD-202007-1033 // NVD: CVE-2020-7292

REFERENCES

url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10323	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7292	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.2425/	Trust: 0.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10323	Trust: 0.1

sources: CNVD: CNVD-2020-44910 // VULHUB: VHN-185417 // JVNDB: JVNDB-2020-008130 // CNNVD: CNNVD-202007-1033 // NVD: CVE-2020-7292

SOURCES

db:	CNVD	id:	CNVD-2020-44910
db:	VULHUB	id:	VHN-185417
db:	JVNDB	id:	JVNDB-2020-008130
db:	CNNVD	id:	CNNVD-202007-1033
db:	NVD	id:	CVE-2020-7292

LAST UPDATE DATE

2024-11-23T22:05:26.317000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-44910	date:	2020-08-07T00:00:00
db:	VULHUB	id:	VHN-185417	date:	2020-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-008130	date:	2020-09-03T00:00:00
db:	CNNVD	id:	CNNVD-202007-1033	date:	2020-08-17T00:00:00
db:	NVD	id:	CVE-2020-7292	date:	2024-11-21T05:37:00.217

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-44910	date:	2020-08-07T00:00:00
db:	VULHUB	id:	VHN-185417	date:	2020-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-008130	date:	2020-09-03T00:00:00
db:	CNNVD	id:	CNNVD-202007-1033	date:	2020-07-15T00:00:00
db:	NVD	id:	CVE-2020-7292	date:	2020-07-15T15:15:11.503