CVE-2020-7314
Summary
| CVE | CVE-2020-7314 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-09-10 10:15:00 UTC |
| Updated | 2023-11-07 03:25:00 UTC |
| Description | Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. |
Risk And Classification
Problem Types: CWE-732
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mcafee | Mcafee Agent | All | All | All | All |
| Application | Mcafee | Mcafee Agent | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| McAfee Security Bulletin - McAfee Agent update fixes four vulnerabilities (CVE-2020-7311, CVE-2020-7312, CVE-2020-7314, and CVE-2020-7315) | CONFIRM | kc.mcafee.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: McAfee credits Lockheed Martin Red Team for responsibly reporting this flaw.
There are currently no legacy QID mappings associated with this CVE.