ByteOS Network

NVD Vulnerability Details :

CVE-2020-7339

Analyzed

Source-trellixpsirt@trellix.com

Published At-10 Dec, 2020 | 00:15

Updated At-16 Nov, 2023 | 03:11

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.3	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Secondary	3.1	6.3	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary	2.0	5.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Type: Primary

Version: 2.0

Base score: 5.8

Base severity: MEDIUM

Vector:

AV:A/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

McAfee, LLC

>>database_security>>Versions before 4.8.0(exclusive)

cpe:2.3:a:mcafee:database_security:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-327	Primary	nvd@nist.gov
CWE-327	Secondary	trellixpsirt@trellix.com

CWE ID: CWE-327

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-327

Type: Secondary

Source: trellixpsirt@trellix.com

References

Hyperlink	Source	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10340	trellixpsirt@trellix.com	Broken Link Vendor Advisory

Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10340

Source: trellixpsirt@trellix.com

Resource:

Broken Link

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History