CVE-2020-7293

Published: Sep 15, 2020Modified: Nov 21, 2024

9.0

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.3 / Impact: 6.0

Source: NVD

Description

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.

Affected (3)

Products: Mcafee: Web Gateway

Mcafee

1 product

Web Gateway

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mcafee Web Gateway	From 7.8.0 to 7.8.2.23
Mcafee Web Gateway	From 8.2.0 to 8.2.11
Mcafee Web Gateway	From 9.0.0 to 9.2.3

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10323

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10323

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.