CVE-2020-7254 — Improper Privilege Management in LLC Mcafee Advanced Threat Defense

CWE-264 CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

CNA7.7

EPSS

0.1%

top 72.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Advanced Threat Defense Mcafee Advanced Threat Defense

Timeline

PublishedMar 12

Latest updateMay 24

Description

Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmcafee/advanced_threat_defense4.0 — 4.8.2

▶CVEListV5mcafee_llc/mcafee_advanced_threat_defense4.x — 4.8.2

🔴Vulnerability Details

GHSA

GHSA-3r2j-2m96-x2cp: Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4↗2022-05-24

▶

CVEList

Privilege escalation in Advanced Threat Defense↗2020-03-12

▶