CVE-2020-7324

Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions.

CVSS v3 6.1 MEDIUM
CVSS v2.0 3.6 LOW

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10328
https://kc.mcafee.com/corporate/index?page=content&id=SB10328

Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:mvision_endpoint:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:37

Type	Values Removed	Values Added
References	~~() https://kc.mcafee.com/corporate/index?page=content&id=SB10328 -~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10328 -

07 Nov 2023, 03:26

Type	Values Removed	Values Added
References	~~(CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10328 - Vendor Advisory~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10328 -

Information

Published : 2020-09-09 10:15

Updated : 2024-11-21 05:37

NVD link : CVE-2020-7324

Mitre link : CVE-2020-7324

CVE.ORG link : CVE-2020-7324

JSON object : View

Products Affected

mcafee

mvision_endpoint

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2020-7324", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.8}]}, "published": "2020-09-09T10:15:11.710", "references": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10328", "source": "trellixpsirt@trellix.com"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10328", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions."}, {"lang": "es", "value": "Una vulnerabilidad de Control de Acceso Inapropiado en McAfee MVISION Endpoint anterior a la actualizaci\u00f3n 20.9, permite a usuarios locales omitir los mecanismos de seguridad y denegar el acceso a la carpeta SYSTEM mediante permisos aplicados incorrectamente."}], "lastModified": "2024-11-21T05:37:03.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:mvision_endpoint:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B3D9970-56F4-4B39-B1DC-C112253B725A", "versionEndExcluding": "20.9"}], "operator": "OR"}]}], "sourceIdentifier": "trellixpsirt@trellix.com"}