CVE-2020-7332
HIGHMcAfee Endpoint Security < 10.6.1 - Cross-Site Request Forgery in Firewall ePO Extension
Title source: llmDescription
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.
References (1)
Core 1
Core References
Broken Link, Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10335
Scores
CVSS v3
7.0
EPSS
0.0020
EPSS Percentile
42.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Details
CWE
CWE-352
Status
published
Products (1)
mcafee/endpoint_security
< 10.6.1
Published
Nov 12, 2020
Tracked Since
Feb 18, 2026