{"api_version":"1","generated_at":"2026-04-22T22:49:20+00:00","cve":"CVE-2020-7254","urls":{"html":"https://cve.report/CVE-2020-7254","api":"https://cve.report/api/cve/CVE-2020-7254.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-7254","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-7254"},"summary":{"title":"CVE-2020-7254","description":"Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.","state":"PUBLIC","assigner":"psirt@mcafee.com","published_at":"2020-03-12 11:15:00","updated_at":"2023-11-07 03:25:00"},"problem_types":["CWE-269"],"metrics":[],"references":[{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10311","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10311","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"McAfee Security Bulletin - Advanced Threat Defense update fixes a privilege escalation vulnerability (CVE-2020-7254)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-7254","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7254","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"McAfee credits Jerome Nokin from NCIA for responsibly reporting CVE-2020-7254","lang":""}],"nvd_cpes":[{"cve_year":"2020","cve_id":"7254","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"advanced_threat_defense","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7254","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"advanced_threat_defense","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@mcafee.com","DATE_PUBLIC":"2020-03-10T00:00:00.000Z","ID":"CVE-2020-7254","STATE":"PUBLIC","TITLE":"Privilege escalation in Advanced Threat Defense"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":" McAfee Advanced Threat Defense (ATD)","version":{"version_data":[{"version_affected":"<","version_name":"4.x","version_value":"4.8.2"}]}}]},"vendor_name":"McAfee, LLC"}]}},"credit":[{"lang":"eng","value":"McAfee credits Jerome Nokin from NCIA for responsibly reporting CVE-2020-7254"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.7,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-264 Permissions, Privileges, and Access Controls"}]},{"description":[{"lang":"eng","value":"CWE-269 Improper Privilege Management"}]}]},"references":{"reference_data":[{"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10311","refsource":"CONFIRM","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10311"}]},"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2020-03-12 11:15:00","lastModifiedDate":"2023-11-07 03:25:00","problem_types":["CWE-269"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:advanced_threat_defense:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.8.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"7254","Ordinal":"167533","Title":"CVE-2020-7254","CVE":"CVE-2020-7254","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"7254","Ordinal":"1","NoteData":"Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"7254","Ordinal":"2","NoteData":"2020-03-12","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"7254","Ordinal":"3","NoteData":"2020-03-12","Type":"Other","Title":"Modified"}]}}}