Sign-up

ID

VAR-202009-1305


CVE

CVE-2020-7293


TITLE

McAfee Web Gateway  Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-011315

DESCRIPTION

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. McAfee Web Gateway (MWG) Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-7293 // JVNDB: JVNDB-2020-011315 // VULHUB: VHN-185418

AFFECTED PRODUCTS

vendor:mcafeemodel:web gatewayscope:ltversion:9.2.3

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.8.2.23

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:8.2.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:8.2.11

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:9.0.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.8.0

Trust: 1.0

vendor:マカフィーmodel:mcafee web gateway ソフトウェアscope:eqversion: -

Trust: 0.8

vendor:マカフィーmodel:mcafee web gateway ソフトウェアscope:ltversion:mcafee web gateway software 9.2.1 less than

Trust: 0.8

sources: JVNDB: JVNDB-2020-011315 // NVD: CVE-2020-7293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7293
value: CRITICAL

Trust: 1.0

trellixpsirt@trellix.com: CVE-2020-7293
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-7293
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202009-941
value: CRITICAL

Trust: 0.6

VULHUB: VHN-185418
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-7293
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-185418
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-7293
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-011315
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-185418 // JVNDB: JVNDB-2020-011315 // CNNVD: CNNVD-202009-941 // NVD: CVE-2020-7293 // NVD: CVE-2020-7293

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-185418 // JVNDB: JVNDB-2020-011315 // NVD: CVE-2020-7293

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-941

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202009-941

PATCH

title:SB10323url:https://kc.mcafee.com/corporate/index?page=content&id=SB10323

Trust: 0.8

title:McAfee Web Gateway Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131060

Trust: 0.6

sources: JVNDB: JVNDB-2020-011315 // CNNVD: CNNVD-202009-941

EXTERNAL IDS

db:NVDid:CVE-2020-7293

Trust: 2.5

db:MCAFEEid:SB10323

Trust: 1.7

db:JVNDBid:JVNDB-2020-011315

Trust: 0.8

db:NSFOCUSid:50039

Trust: 0.6

db:CNNVDid:CNNVD-202009-941

Trust: 0.6

db:VULHUBid:VHN-185418

Trust: 0.1

sources: VULHUB: VHN-185418 // JVNDB: JVNDB-2020-011315 // CNNVD: CNNVD-202009-941 // NVD: CVE-2020-7293

REFERENCES

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10323

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-7293

Trust: 1.4

url:http://www.nsfocus.net/vulndb/50039

Trust: 0.6

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10323

Trust: 0.1

sources: VULHUB: VHN-185418 // JVNDB: JVNDB-2020-011315 // CNNVD: CNNVD-202009-941 // NVD: CVE-2020-7293

SOURCES

db:VULHUBid:VHN-185418
db:JVNDBid:JVNDB-2020-011315
db:CNNVDid:CNNVD-202009-941
db:NVDid:CVE-2020-7293

LAST UPDATE DATE

2024-11-23T22:05:26.354000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-185418date:2022-01-06T00:00:00
db:JVNDBid:JVNDB-2020-011315date:2021-03-26T07:17:00
db:CNNVDid:CNNVD-202009-941date:2022-03-08T00:00:00
db:NVDid:CVE-2020-7293date:2024-11-21T05:37:00.333

SOURCES RELEASE DATE

db:VULHUBid:VHN-185418date:2020-09-15T00:00:00
db:JVNDBid:JVNDB-2020-011315date:2021-03-26T00:00:00
db:CNNVDid:CNNVD-202009-941date:2020-09-15T00:00:00
db:NVDid:CVE-2020-7293date:2020-09-15T23:15:12.440