CVE-2020-7328: Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension
First published: Wed Nov 11 2020(Updated: )
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee MVISION Endpoint | <20.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-7328.
What is the severity level of CVE-2020-7328?
The severity level of CVE-2020-7328 is high (7.2).
What is the affected software for CVE-2020-7328?
The affected software for CVE-2020-7328 is McAfee MVISION Endpoint prior to version 20.11.
How can remote attackers exploit CVE-2020-7328?
Remote attackers can exploit CVE-2020-7328 by gaining control of a resource or triggering arbitrary code execution through improper input validation of an HTTP request.
Is there a fix available for CVE-2020-7328?
Yes, a fix is available for CVE-2020-7328. It is recommended to update to version 20.11 or later of McAfee MVISION Endpoint.
- collector/nvd-index
- collector/nvd-api
- agent/weakness
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/title
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee mvision endpoint