From 363c5e95d53a37d685c8f503eb93600982e476f3 Mon Sep 17 00:00:00 2001 From: Swayam Sarangi <52279915+ssarangi1202@users.noreply.github.com> Date: Thu, 12 Mar 2020 16:29:07 +0530 Subject: [PATCH] Publish CVE-2020=7254 SB is already live --- 2020/7xxx/CVE-2020-7254.json | 98 +++++++++++++++++++++++++++++++++--- 1 file changed, 91 insertions(+), 7 deletions(-) diff --git a/2020/7xxx/CVE-2020-7254.json b/2020/7xxx/CVE-2020-7254.json index 1453e5d6f9f..a7493a97b38 100644 --- a/2020/7xxx/CVE-2020-7254.json +++ b/2020/7xxx/CVE-2020-7254.json @@ -1,18 +1,102 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "DATE_PUBLIC": "2020-03-10T00:00:00.000Z", "ID": "CVE-2020-7254", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Privilege escalation in Advanced Threat Defense" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": " McAfee Advanced Threat Defense (ATD)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.x", + "version_value": "4.8.2" + } + ] + } + } + ] + }, + "vendor_name": "McAfee, LLC" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "McAfee credits Jerome Nokin from NCIA for responsibly reporting CVE-2020-7254" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10311", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10311" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } -} \ No newline at end of file +}