Lucene search

TrellixCVELIST:CVE-2020-7254

HistoryMar 12, 2020 - 11:00 a.m.

CVE-2020-7254 Privilege escalation in Advanced Threat Defense

2020-03-1211:00:18

CWE-264

CWE-269

trellix

www.cve.org

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

EPSS

Percentile

5.1%

JSON

Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.

CNA Affected

[
  {
    "product": "McAfee Advanced Threat Defense (ATD)",
    "vendor": "McAfee, LLC",
    "versions": [
      {
        "lessThan": "4.8.2",
        "status": "affected",
        "version": "4.x",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10311

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2020-7254