cvelist/2020/7xxx/CVE-2020-7311.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@mcafee.com",
        "DATE_PUBLIC": "2020-09-09T00:00:00.000Z",
        "ID": "CVE-2020-7311",
        "STATE": "PUBLIC",
        "TITLE": " Privilege Escalation vulnerability in MA for Windows "
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "MA for Windows",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "5.6.x",
                                            "version_value": "5.6.6"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "McAfee LLC"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "McAfee credits Sebastian Schuster from Airbus CyberSecurity for responsibly reporting this flaw."
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-274 Improper Handling of Insufficient Privileges"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10325",
                "refsource": "CONFIRM",
                "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10325"
            }
        ]
    },
    "source": {
        "discovery": "EXTERNAL"
    }
}