CVE-2020-7293

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.

CVSS v3.0 9.0 CRITICAL
CVSS v2.0 7.7 HIGH

9.0^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.7^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 5.1 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10323	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mcafee:web_gateway::::::::
	cpe:2.3:a:mcafee:web_gateway::::::::
	cpe:2.3:a:mcafee:web_gateway::::::::

Information

Published : 2020-09-15 16:15

Updated : 2022-01-06 06:19

NVD link : CVE-2020-7293

Mitre link : CVE-2020-7293

JSON object : View

CWE

CWE-287

Improper Authentication

Advertisement

Products Affected

mcafee

web_gateway

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10323", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10323", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-7293", "ASSIGNER": "psirt@mcafee.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}}, "publishedDate": "2020-09-15T23:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.8.2.23", "versionStartIncluding": "7.8.0"}, {"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.11", "versionStartIncluding": "8.2.0"}, {"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.2.3", "versionStartIncluding": "9.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-01-06T14:19Z"}