From 7faa1de16af30e1788a883220a903193351384ae Mon Sep 17 00:00:00 2001 From: Swayam Sarangi <52279915+ssarangi1202@users.noreply.github.com> Date: Wed, 15 Apr 2020 17:26:56 +0530 Subject: [PATCH] Publish CVE-2020-7257 SB is live --- 2020/7xxx/CVE-2020-7257.json | 90 +++++++++++++++++++++++++++++++++--- 1 file changed, 83 insertions(+), 7 deletions(-) diff --git a/2020/7xxx/CVE-2020-7257.json b/2020/7xxx/CVE-2020-7257.json index 020455b156a..5a416ebdd6b 100644 --- a/2020/7xxx/CVE-2020-7257.json +++ b/2020/7xxx/CVE-2020-7257.json @@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "DATE_PUBLIC": "2020-04-14T00:00:00.000Z", "ID": "CVE-2020-7257", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": " Privilege Escalation vulnerability through Symbolic links in ENS" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee Endpoint Security (ENS)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.x", + "version_value": "10.7.0 April 2020 Update" + } + ] + } + } + ] + }, + "vendor_name": "McAfee LLC" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "McAfee  credits  Jakub  Palaczynski  (ING Tech Poland) for reporting this flaw" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent. " } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } -} \ No newline at end of file +}