Vulnerabilities > CVE-2020-7328 - Server-Side Request Forgery (SSRF) vulnerability in Mcafee Mvision Endpoint

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mcafee

CWE-918

NVD

Published: 2020-11-11

Updated: 2023-11-16

Summary

External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Mvision Endpoint - Mcafee Mvision Endpoint 18.11.31.62 Mcafee Mvision Endpoint 20.5.0.94 Mcafee Mvision Endpoint 20.7 Mcafee Mvision Endpoint 20.9	5

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10334