CVE-2020-7305 is a vulnerability in McAfee Data Loss Prevention
Published on August 13, 2020

DLP ePO extension - Privilege escalation
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Improper Privilege Management

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Products Associated with CVE-2020-7305

Want to know whenever a new CVE is published for McAfee Data Loss Prevention? stack.watch will email you.

McAfee Data Loss Prevention

Affected Versions

McAfee DLP ePO extension:

Version 11.3 and below 11.3.28 is affected.
Version 11.4 and below 11.4.200 is affected.
Version 11.5 and below 11.5.3 is affected.

Exploit Probability

EPSS

0.16%

Percentile

36.40%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.