CVE-2020-7336 — Cross-Site Request Forgery in Network Security Management

CWE-352 — Cross-Site Request Forgery2 documents2 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 62.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Network Security Management

Timeline

PublishedJan 5

Latest updateMay 24

Description

Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mcafee/network_security_managementNSM 10.x — 10.1.7.35+1

▶NVDmcafee/network_security_management9.0 — 9.2.9.55+1

🔴Vulnerability Details

GHSA

GHSA-45jg-4c4q-8q3w: Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10↗2022-05-24

▶