cvelist/2020/7xxx/CVE-2020-7293.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@mcafee.com",
        "ID": "CVE-2020-7293",
        "STATE": "PUBLIC",
        "TITLE": "Web Gateway (MWG) - Privilege Escalation vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "McAfee Web Gateway (MWG)",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "9.2.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "McAfee"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-287: Improper Authentication"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10323",
                "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10323"
            }
        ]
    },
    "source": {
        "advisory": "SB10323",
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`{`
			`"CVE_data_meta": {`
Publish CVE-2020-7293 2020-09-15 17:49:19 -05:00			`"ASSIGNER": "psirt@mcafee.com",`
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`"ID": "CVE-2020-7293",`
Publish CVE-2020-7293 2020-09-15 17:49:19 -05:00			`"STATE": "PUBLIC",`
			`"TITLE": "Web Gateway (MWG) - Privilege Escalation vulnerability"`
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`},`
Publish CVE-2020-7293 2020-09-15 17:49:19 -05:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "McAfee Web Gateway (MWG)",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_value": "9.2.1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "McAfee"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2020-09-15 23:01:47 +00:00			`"value": "Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface."`
Publish CVE-2020-7293 2020-09-15 17:49:19 -05:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 9,`
			`"baseSeverity": "CRITICAL",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
Update CVE-2020-7293.json 2020-10-19 10:21:00 +01:00			`"value": "CWE-287: Improper Authentication"`
Publish CVE-2020-7293 2020-09-15 17:49:19 -05:00			`}`
			`]`
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`}`
			`]`
Publish CVE-2020-7293 2020-09-15 17:49:19 -05:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2020-09-15 23:01:47 +00:00			`"refsource": "MISC",`
			`"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10323",`
			`"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10323"`
Publish CVE-2020-7293 2020-09-15 17:49:19 -05:00			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "SB10323",`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2020-01-21 14:01:28 +00:00			`}`
Update CVE-2020-7293.json 2020-10-19 10:21:00 +01:00			`}`