Vulnerabilites related to McAfee,LLC - McAfee Active Response (MAR) for Mac
cve-2020-7291
Vulnerability from cvelistv5
Published
2020-05-08 12:45
Modified
2024-09-16 17:23
Summary
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
References
Impacted products
Vendor Product Version
McAfee,LLC McAfee Active Response (MAR) for Mac Version: 2.4.x   < 2.4.3 Hotfix 1
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:25:48.817Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10317",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "McAfee Active Response (MAR) for Mac",
               vendor: "McAfee,LLC",
               versions: [
                  {
                     lessThan: "2.4.3 Hotfix 1",
                     status: "affected",
                     version: "2.4.x",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2020-05-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-274",
                     description: "CWE-274 Improper Handling of Insufficient Privileges",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-08T12:45:14",
            orgId: "01626437-bf8f-4d1c-912a-893b5eb04808",
            shortName: "trellix",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10317",
            },
         ],
         source: {
            discovery: "INTERNAL",
         },
         title: "Privilege Escalation vulnerability MAR for Mac",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@mcafee.com",
               DATE_PUBLIC: "2020-05-07T00:00:00.000Z",
               ID: "CVE-2020-7291",
               STATE: "PUBLIC",
               TITLE: "Privilege Escalation vulnerability MAR for Mac",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "McAfee Active Response (MAR) for Mac",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "2.4.x",
                                          version_value: "2.4.3 Hotfix 1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "McAfee,LLC",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-274 Improper Handling of Insufficient Privileges",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10317",
                     refsource: "CONFIRM",
                     url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10317",
                  },
               ],
            },
            source: {
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "01626437-bf8f-4d1c-912a-893b5eb04808",
      assignerShortName: "trellix",
      cveId: "CVE-2020-7291",
      datePublished: "2020-05-08T12:45:14.656931Z",
      dateReserved: "2020-01-21T00:00:00",
      dateUpdated: "2024-09-16T17:23:16.135Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}