Details of VAR-202009-1439

ID

VAR-202009-1439

CVE

CVE-2020-7268

TITLE

McAfee Email Gateway Traversal Vulnerability in Japan

Trust: 0.8

sources: JVNDB: JVNDB-2020-011321

DESCRIPTION

Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. Attackers can use this vulnerability to access restricted directories. outside location

Trust: 1.71

sources: NVD: CVE-2020-7268 // JVNDB: JVNDB-2020-011321 // VULHUB: VHN-185393

AFFECTED PRODUCTS

vendor:	mcafee	model:	email gateway	scope:	lt	version:	7.6.406	Trust: 1.0
vendor:	マカフィー	model:	mcafee email gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	マカフィー	model:	mcafee email gateway	scope:	lt	version:	7.6.406 less than	Trust: 0.8

sources: JVNDB: JVNDB-2020-011321 // NVD: CVE-2020-7268

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7268
value:	MEDIUM
Trust: 1.0
trellixpsirt@trellix.com:	CVE-2020-7268
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-7268
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202009-906
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-185393
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-7268
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-185393
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-7268
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-011321
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-185393 // JVNDB: JVNDB-2020-011321 // CNNVD: CNNVD-202009-906 // NVD: CVE-2020-7268 // NVD: CVE-2020-7268

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	Path traversal (CWE-22) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-185393 // JVNDB: JVNDB-2020-011321 // NVD: CVE-2020-7268

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-906

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202009-906

PATCH

title:	SB10323	url:	https://kc.mcafee.com/corporate/index?page=content&id=SB10323	Trust: 0.8
title:	McAfee Email Gateway Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128336	Trust: 0.6

sources: JVNDB: JVNDB-2020-011321 // CNNVD: CNNVD-202009-906

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7268	Trust: 2.5
db:	MCAFEE	id:	SB10323	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-011321	Trust: 0.8
db:	NSFOCUS	id:	50044	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3165	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-906	Trust: 0.6
db:	CNVD	id:	CNVD-2020-54148	Trust: 0.1
db:	VULHUB	id:	VHN-185393	Trust: 0.1

sources: VULHUB: VHN-185393 // JVNDB: JVNDB-2020-011321 // CNNVD: CNNVD-202009-906 // NVD: CVE-2020-7268

REFERENCES

url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10323	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7268	Trust: 1.4
url:	http://www.nsfocus.net/vulndb/50044	Trust: 0.6
url:	https://vigilance.fr/vulnerability/mcafee-email-gateway-directory-traversal-via-web-mail-user-interface-33320	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3165/	Trust: 0.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10323	Trust: 0.1

sources: VULHUB: VHN-185393 // JVNDB: JVNDB-2020-011321 // CNNVD: CNNVD-202009-906 // NVD: CVE-2020-7268

SOURCES

db:	VULHUB	id:	VHN-185393
db:	JVNDB	id:	JVNDB-2020-011321
db:	CNNVD	id:	CNNVD-202009-906
db:	NVD	id:	CVE-2020-7268

LAST UPDATE DATE

2024-11-23T22:05:26.485000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-185393	date:	2022-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-011321	date:	2021-03-26T07:17:00
db:	CNNVD	id:	CNNVD-202009-906	date:	2020-11-02T00:00:00
db:	NVD	id:	CVE-2020-7268	date:	2024-11-21T05:36:57.680

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-185393	date:	2020-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-011321	date:	2021-03-26T00:00:00
db:	CNNVD	id:	CNNVD-202009-906	date:	2020-09-15T00:00:00
db:	NVD	id:	CVE-2020-7268	date:	2020-09-16T02:15:12.553