Auto-merge PR#3587

2025-06-19 17:32:41 +00:00 · 2020-04-15 08:00:28 -04:00 · 2020-04-15 08:00:28 -04:00 · 3e1e6edd48
commit 3e1e6edd48
parent ee649370d9 7faa1de16a
1 changed files with 83 additions and 7 deletions
--- a/2020/7xxx/CVE-2020-7257.json
+++ b/2020/7xxx/CVE-2020-7257.json
@ -1,18 +1,94 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "psirt@mcafee.com",
+        "DATE_PUBLIC": "2020-04-14T00:00:00.000Z",
        "ID": "CVE-2020-7257",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": " Privilege Escalation vulnerability through Symbolic links in ENS"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "McAfee Endpoint Security (ENS)",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "10.x",
+                                            "version_value": "10.7.0 April 2020 Update"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "McAfee LLC"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "McAfee  credits  Jakub  Palaczynski  (ING Tech Poland) for reporting this flaw"
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress.  This is timing dependent. "
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "LOCAL",
+            "availabilityImpact": "HIGH",
+            "baseScore": 8.4,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-264 Permissions, Privileges, and Access Controls"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309",
+                "refsource": "CONFIRM",
+                "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "EXTERNAL"
    }
-}
+}