CVE-2020-7302

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.

CVSS v3 5.4 MEDIUM
CVSS v2.0 5.5 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10326
https://kc.mcafee.com/corporate/index?page=content&id=SB10326

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mcafee:data_loss_prevention::::::::
	cpe:2.3:a:mcafee:data_loss_prevention::::::::
	cpe:2.3:a:mcafee:data_loss_prevention::::::::

History

21 Nov 2024, 05:37

Type	Values Removed	Values Added
References	~~() https://kc.mcafee.com/corporate/index?page=content&id=SB10326 -~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10326 -
CVSS	v2 : ~~5.5~~ v3 : ~~6.4~~	v2 : 5.5 v3 : 5.4

07 Nov 2023, 03:25

Type	Values Removed	Values Added
References	~~(MISC) https://kc.mcafee.com/corporate/index?page=content&id=SB10326 - Vendor Advisory~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10326 -

Information

Published : 2020-08-13 03:15

Updated : 2024-11-21 05:37

NVD link : CVE-2020-7302

Mitre link : CVE-2020-7302

CVE.ORG link : CVE-2020-7302

JSON object : View

Products Affected

mcafee

data_loss_prevention

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2020-7302", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.7, "exploitabilityScore": 3.1}]}, "published": "2020-08-13T03:15:14.570", "references": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10326", "source": "trellixpsirt@trellix.com"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10326", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking."}, {"lang": "es", "value": "Una Carga de Archivos Sin Restricciones con Tipo Peligroso en la extensi\u00f3n ePO de McAfee Data Loss Prevention (DLP) versiones anteriores a 11.5.3, permite a atacantes autenticados cargar archivos maliciosos en la secci\u00f3n de administraci\u00f3n de casos de DLP por falta de comprobaci\u00f3n de sanidad"}], "lastModified": "2024-11-21T05:37:01.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5549CA0D-E484-41B3-9FBF-5A9E48DB3668", "versionEndExcluding": "11.3.28", "versionStartIncluding": "11.3.0"}, {"criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C387BBB4-FD6A-40EB-B02A-297E45291EF1", "versionEndExcluding": "11.4.200", "versionStartIncluding": "11.4.0"}, {"criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D292F8EF-8232-4803-A465-18C6CCBB6DEB", "versionEndExcluding": "11.5.3", "versionStartIncluding": "11.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "trellixpsirt@trellix.com"}