Mvision Endpoint
CVE-2020-7328
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.
AnalysisAI
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator. Affected products include: Mcafee Mvision Endpoint. Version information: prior to 20.11.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
More in Mvision Endpoint
View allPrivilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files wh
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote a
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass secur
Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.1
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today