CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7336 – Network Security Management (NSM) - Cross Site Request Forgery vulnerability
https://notcve.org/view.php?id=CVE-2020-7336
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request. Una vulnerabilidad de tipo Cross Site Request Forgery en McAfee Network Security Management (NSM) versiones anteriores a 10.1.7.35 y NSM versiones 9.x anteriores a 9.2.9.55, puede permitir a un atacante cambiar la configuración de Network Security Manager por medio de una petición HTTP cuidadosamente diseñada • https://kc.mcafee.com/corporate/index?page=content&id=SB10341 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7339 – Database Security(DBS)-Use of a Broken or Risky Cryptographic Algorithm
https://notcve.org/view.php?id=CVE-2020-7339
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors. Una vulnerabilidad de Uso de Algoritmo Criptográfico Roto o Arriesgado en McAfee Database Security Server and Sensor versiones anteriores a 4.8.0, en forma de un certificado firmado SHA1 que permitiría a un atacante en la misma red local interceptar potencialmente la comunicación entre el servidor y los sensores. • https://kc.mcafee.com/corporate/index?page=content&id=SB10340 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.7EPSS: 0%CPEs: 17EXPL: 0CVE-2020-7337 – Incorrect Permission Assignment for Critical Resource
https://notcve.org/view.php?id=CVE-2020-7337
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks. Una vulnerabilidad de Asignación de Permisos Incorrecta de Recursos Críticos en McAfee VirusScan Enterprise (VSE) versiones anteriores a 8.8 Parche 16 permite a administradores locales omitir la protección de seguridad local por medio de VSE que no se integra correctamente con Windows Defender Application Control mediante la manipulación cuidadosa de las comprobaciones de Integridad del Código • https://kc.mcafee.com/corporate/index?page=content&id=SB10338 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7335 – Privilege Escalation vulnerability in McAfee Total Protection (MTP)
https://notcve.org/view.php?id=CVE-2020-7335
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window. Una vulnerabilidad de Escalada de Privilegios en el cliente de Microsoft Windows de McAfee Total Protection (MTP) versiones anteriores a 16.0.29, permite a usuarios locales alcanzar privilegios elevados por medio de la manipulación cuidadosa de una carpeta al crear un enlace de unión. Esto explota una falta de protección mediante un problema de sincronización y solo es explotable en una pequeña ventana de tiempo This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Total Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of junctions. • http://service.mcafee.com/FAQDocument.aspx?&id=TS103089 https://www.zerodayinitiative.com/advisories/ZDI-20-1388 • CWE-269: Improper Privilege Management •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7333 – Cross-site Scripting (XSS) in firewall ePO extension of McAfee Endpoint Security (ENS)
https://notcve.org/view.php?id=CVE-2020-7333
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard. Una Vulnerabilidad de tipo Cross site scripting en la extensión ePO de firewall de McAfee Endpoint Security (ENS) versiones anteriores a 10.7.0, actualización de Noviembre de 2020, permite a los administradores inyectar script web o HTML arbitrario por medio del asistente de configuración • https://kc.mcafee.com/corporate/index?page=content&id=SB10335 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •