CVE-2020-7254
Summary
| CVE | CVE-2020-7254 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-03-12 11:15:00 UTC |
| Updated | 2023-11-07 03:25:00 UTC |
| Description | Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mcafee | Advanced Threat Defense | All | All | All | All |
| Application | Mcafee | Advanced Threat Defense | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| McAfee Security Bulletin - Advanced Threat Defense update fixes a privilege escalation vulnerability (CVE-2020-7254) | CONFIRM | kc.mcafee.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: McAfee credits Jerome Nokin from NCIA for responsibly reporting CVE-2020-7254
There are currently no legacy QID mappings associated with this CVE.