CVE-2020-7293: Web Gateway (MWG) - Privilege Escalation vulnerability
First published: Tue Sep 15 2020(Updated: )
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Web Gateway | >=7.8.0<7.8.2.23 | |
| McAfee Web Gateway | >=8.2.0<8.2.11 | |
| McAfee Web Gateway | >=9.0.0<9.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-7293?
CVE-2020-7293 is a privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to version 9.2.1.
How does CVE-2020-7293 impact the system?
CVE-2020-7293 allows an authenticated user with low permissions to change the system's root password via improper access controls in the user interface.
Which versions of McAfee Web Gateway are affected by CVE-2020-7293?
McAfee Web Gateway versions 7.8.0 to 7.8.2.23, 8.2.0 to 8.2.11, and 9.0.0 to 9.2.3 are affected by CVE-2020-7293.
How severe is CVE-2020-7293?
CVE-2020-7293 has a severity rating of critical (9 out of 10).
How can I fix CVE-2020-7293?
To fix CVE-2020-7293, users should upgrade to McAfee Web Gateway version 9.2.1 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/mcafee
- canonical/mcafee web gateway
- version/mcafee web gateway/7.8.0
- version/mcafee web gateway/8.2.0
- version/mcafee web gateway/9.0.0