CVE-2020-7327

EPSS 0.05%
Published 15.10.2020 10:15:11
Last modified 21.11.2024 05:37:04
Source trellixpsirt@trellix.com
Teams watchlist Login
Open Login

Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Mcafee ≫ Mvision Endpoint Detection And Response Version < 3.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.156

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
trellixpsirt@trellix.com	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://kc.mcafee.com/corporate/index?page=content&id=SB10331

https://nvd.nist.gov/vuln/detail/CVE-2020-7327

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7327

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7327

EUVD