cvelist/2020/7xxx/CVE-2020-7254.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@mcafee.com",
        "DATE_PUBLIC": "2020-03-10T00:00:00.000Z",
        "ID": "CVE-2020-7254",
        "STATE": "PUBLIC",
        "TITLE": "Privilege escalation in Advanced Threat Defense"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": " McAfee Advanced Threat Defense (ATD)",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "4.x",
                                            "version_value": "4.8.2"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "McAfee, LLC"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "McAfee credits Jerome Nokin from NCIA for responsibly reporting CVE-2020-7254"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                ]
            },
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-269 Improper Privilege Management"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10311",
                "refsource": "CONFIRM",
                "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10311"
            }
        ]
    },
    "source": {
        "discovery": "EXTERNAL"
    }
}