CVE-2020-7284Sensitive Information Exposure in Network Security Management

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 85.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mcafee Network Security Management
Timeline
PublishedJul 3
Latest updateMay 24

Description

Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5mcafee/network_security_managementunspecified10.1.7.7
NVDmcafee/network_security_management9.09.2.9.55+1

🔴Vulnerability Details

1
GHSA
GHSA-rh8v-qc8w-7rj2: Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 102022-05-24

📋Vendor Advisories

1
Red Hat
perl-PlRPC: pre-auth remote code execution2013-11-14