CVE-2020-7268: McAfee Email Gateway (MEG) - Path Traversal vulnerability
First published: Wed Sep 16 2020(Updated: )
Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Email Gateway | <7.6.406 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability CVE-2020-7268?
CVE-2020-7268 is a Path Traversal vulnerability in McAfee Email Gateway (MEG) prior to 7.6.406 that allows remote attackers to access files or directories outside of the restricted directory.
How can remote attackers exploit CVE-2020-7268?
Remote attackers can exploit CVE-2020-7268 by using external input to construct a path name that should be within a restricted directory.
What is the severity level of CVE-2020-7268?
CVE-2020-7268 has a severity level of medium (4.3).
Which version of McAfee Email Gateway is affected by CVE-2020-7268?
CVE-2020-7268 affects McAfee Email Gateway prior to version 7.6.406.
How can I fix the Path Traversal vulnerability in McAfee Email Gateway?
To fix the Path Traversal vulnerability in McAfee Email Gateway, update to version 7.6.406 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee email gateway