U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): MVISION
  • Search Type: Search All
  • Match: Exact
  • CPE Name Search: false
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2021-31838

A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.

Published: June 29, 2021; 6:15:08 AM -0400
V3.1: 9.1 CRITICAL
V2.0: 9.0 HIGH
CVE-2020-7329

Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.

Published: November 11, 2020; 5:15:11 AM -0500
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-7328

External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.

Published: November 11, 2020; 4:15:11 AM -0500
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-7327

Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed

Published: October 15, 2020; 6:15:11 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-7325

Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.

Published: September 09, 2020; 6:15:11 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-7324

Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions.

Published: September 09, 2020; 6:15:11 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 3.6 LOW
CVE-2020-7285

Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

Published: May 08, 2020; 9:15:11 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2019-3584

Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors.

Published: January 23, 2019; 10:29:00 AM -0500
V3.0: 6.0 MEDIUM
V2.0: 3.6 LOW