cnvd - cnvd-2020-17961

CNVD-2020-17961

Vulnerability from cnvd - Published: 2020-03-19

Title

McAfee Advanced Threat Defense权限许可和访问控制问题漏洞

Description

McAfee Advanced Threat Defense（ATD）是美国迈克菲（McAfee）公司的一套高级威胁防护系统。该系统通过静态代码分析、恶意软件动态分析和机器学习等，提供零日攻击防护和恶意软件防护等功能。 McAfee Advanced Threat Defense 4.8.2之前的4.x版本中的命令行接口存在权限许可和访问控制问题漏洞，该漏洞源于未能对sudo命令进行正确的访问控制。本地攻击者可利用该漏洞执行任意代码。

Severity

中

Patch Name

McAfee Advanced Threat Defense权限许可和访问控制问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kc.mcafee.com/corporate/index?page=content&id;=SB10311

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7254

Impacted products

Name
Mcafee McAfee Advanced Threat Defense 4.*，<4.8.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7254",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-7254"
    }
  },
  "description": "McAfee Advanced Threat Defense\uff08ATD\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u9ad8\u7ea7\u5a01\u80c1\u9632\u62a4\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u901a\u8fc7\u9759\u6001\u4ee3\u7801\u5206\u6790\u3001\u6076\u610f\u8f6f\u4ef6\u52a8\u6001\u5206\u6790\u548c\u673a\u5668\u5b66\u4e60\u7b49\uff0c\u63d0\u4f9b\u96f6\u65e5\u653b\u51fb\u9632\u62a4\u548c\u6076\u610f\u8f6f\u4ef6\u9632\u62a4\u7b49\u529f\u80fd\u3002\n\nMcAfee Advanced Threat Defense 4.8.2\u4e4b\u524d\u76844.x\u7248\u672c\u4e2d\u7684\u547d\u4ee4\u884c\u63a5\u53e3\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u5bf9sudo\u547d\u4ee4\u8fdb\u884c\u6b63\u786e\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id;=SB10311",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-17961",
  "openTime": "2020-03-19",
  "patchDescription": "McAfee Advanced Threat Defense\uff08ATD\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u9ad8\u7ea7\u5a01\u80c1\u9632\u62a4\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u901a\u8fc7\u9759\u6001\u4ee3\u7801\u5206\u6790\u3001\u6076\u610f\u8f6f\u4ef6\u52a8\u6001\u5206\u6790\u548c\u673a\u5668\u5b66\u4e60\u7b49\uff0c\u63d0\u4f9b\u96f6\u65e5\u653b\u51fb\u9632\u62a4\u548c\u6076\u610f\u8f6f\u4ef6\u9632\u62a4\u7b49\u529f\u80fd\u3002\r\n\r\nMcAfee Advanced Threat Defense 4.8.2\u4e4b\u524d\u76844.x\u7248\u672c\u4e2d\u7684\u547d\u4ee4\u884c\u63a5\u53e3\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u5bf9sudo\u547d\u4ee4\u8fdb\u884c\u6b63\u786e\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Advanced Threat Defense\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Mcafee McAfee Advanced Threat Defense 4.*\uff0c\u003c4.8.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7254",
  "serverity": "\u4e2d",
  "submitTime": "2020-03-14",
  "title": "McAfee Advanced Threat Defense\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2020-7254 (GCVE-0-2020-7254)

Vulnerability from cvelistv5 – Published: 2020-03-12 11:00 – Updated: 2024-09-16 20:37

Summary

Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

CWE

CWE-264 - Permissions, Privileges, and Access Controls
CWE-269 - Improper Privilege Management

Assigner

trellix

References

URL

Tags

https://kc.mcafee.com/corporate/index?page=conten…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	McAfee, LLC	McAfee Advanced Threat Defense (ATD)	Affected: 4.x , < 4.8.2 (custom)

Credits

McAfee credits Jerome Nokin from NCIA for responsibly reporting CVE-2020-7254

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:48.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10311"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "McAfee Advanced Threat Defense (ATD)",
          "vendor": "McAfee, LLC",
          "versions": [
            {
              "lessThan": "4.8.2",
              "status": "affected",
              "version": "4.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "McAfee credits Jerome Nokin from NCIA for responsibly reporting CVE-2020-7254"
        }
      ],
      "datePublic": "2020-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264 Permissions, Privileges, and Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-12T11:00:18",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10311"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Privilege escalation in Advanced Threat Defense",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "DATE_PUBLIC": "2020-03-10T00:00:00.000Z",
          "ID": "CVE-2020-7254",
          "STATE": "PUBLIC",
          "TITLE": "Privilege escalation in Advanced Threat Defense"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "McAfee Advanced Threat Defense (ATD)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.x",
                            "version_value": "4.8.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee, LLC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "McAfee credits Jerome Nokin from NCIA for responsibly reporting CVE-2020-7254"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-264 Permissions, Privileges, and Access Controls"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10311",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10311"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2020-7254",
    "datePublished": "2020-03-12T11:00:18.459320Z",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-09-16T20:37:10.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-17961

CVE-2020-7254 (GCVE-0-2020-7254)

Tags

Sightings

Nomenclature