CVE-2020-7329

Summary

Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.

Affected Software

VendorProductVersion RangeStatus
McAfee, LLCMVISION Endpoint ePO extension20.x <= 20.11affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References