nvd-json-data-feeds/CVE-2020/CVE-2020-72xx/CVE-2020-7257.json

{
  "id": "CVE-2020-7257",
  "sourceIdentifier": "psirt@mcafee.com",
  "published": "2020-04-15T12:15:11.917",
  "lastModified": "2020-04-17T14:44:09.133",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de escalada de privilegios en McAfee Endpoint Security (ENS) para Windows versi\u00f3n anterior a 10.7.0 Update de Febrero de 2020, permite a usuarios locales causar la eliminaci\u00f3n y  creaci\u00f3n de archivos para los que normalmente no tendr\u00edan permiso al alterar el objetivo de los enlaces simb\u00f3licos mientras un escaneo de antivirus estaba en progreso. Esto depende de la sincronizaci\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.2
      },
      {
        "source": "psirt@mcafee.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 5.8
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
          "accessVector": "LOCAL",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ]
    },
    {
      "source": "psirt@mcafee.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:windows:*:*",
              "matchCriteriaId": "6AC514CA-D094-433D-9561-99048D43902F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.1:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1B7AE3E9-DDCE-4119-B57D-B3D471E05B16"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.2:*:*:*:*:windows:*:*",
              "matchCriteriaId": "603FE358-FADA-4FE6-B3F2-169D032A57E9"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:windows:*:*",
              "matchCriteriaId": "66461D42-AE21-41B3-9FCB-3F6D09AC323E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:windows:*:*",
              "matchCriteriaId": "DCC441CF-5EA0-41C1-AE15-6672FF20B73A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:windows:*:*",
              "matchCriteriaId": "A6551AB4-1B0F-4EE3-8ED1-99413E3F19DD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*",
              "matchCriteriaId": "94732038-F35D-41AB-A550-E6F5FF9004DF"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10309",
      "source": "psirt@mcafee.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}