Lucene search

[email protected]NVD:CVE-2020-7336

HistoryJan 05, 2021 - 11:15 p.m.

CVE-2020-7336

2021-01-0523:15:15

CWE-352

[email protected]

web.nvd.nist.gov

cve-2020-7336

cross site request forgery

mcafee network security management

unauthorized configuration change

http request

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

61.3%

JSON

Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.

Affected configurations

Nvd

Node

mcafeenetwork_security_managementRange9.0–9.2.9.55

mcafeenetwork_security_managementRange10.0–10.1.7.35

VendorProductVersionCPE
mcafeenetwork_security_management*cpe:2.3:a:mcafee:network_security_management:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mcafee	network_security_management	*	cpe:2.3:a:mcafee:network_security_management::::::::

References

kc.mcafee.com/corporate/index?page=content&id=SB10341

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

61.3%

JSON

Related for NVD:CVE-2020-7336

cve1 cvelist1 prion1