CVE-2020-7294: Web Gateway (MWG) - Privilege Escalation vulnerability
First published: Tue Sep 15 2020(Updated: )
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Web Gateway | >=7.8.0<7.8.2.23 | |
| McAfee Web Gateway | >=8.2.0<8.2.11 | |
| McAfee Web Gateway | >=9.0.0<9.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-7294?
CVE-2020-7294 is a privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1.
How does CVE-2020-7294 affect McAfee Web Gateway?
CVE-2020-7294 allows an authenticated user to delete or download protected files via improper access controls in the REST interface.
What software versions are affected by CVE-2020-7294?
McAfee Web Gateway versions 7.8.0 to 7.8.2.23, 8.2.0 to 8.2.11, and 9.0.0 to 9.2.3 are affected by CVE-2020-7294.
What is the severity of CVE-2020-7294?
CVE-2020-7294 has a severity rating of 4.6 (medium).
How can I fix CVE-2020-7294?
To fix CVE-2020-7294, users should update McAfee Web Gateway to version 9.2.1 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/mcafee
- canonical/mcafee web gateway
- version/mcafee web gateway/7.8.0
- version/mcafee web gateway/8.2.0
- version/mcafee web gateway/9.0.0