CVE-2020-7254

Published: Mar 12, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.

Affected (1)

Products: Mcafee: Advanced Threat Defense

Mcafee

1 product

Advanced Threat Defense

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Advanced Threat Defense	From 4.0 to 4.8.2

Related CWEs

CWE-264

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10311

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10311

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.