cnvd - cnvd-2020-51799

CNVD-2020-51799

Vulnerability from cnvd - Published: 2020-09-14

Title

McAfee Agent权限提升漏洞

Description

McAfee Agent（MA）是美国迈克菲（McAfee）公司的一套提供了ePolicy Orchestrator（杀毒软件管理平台）与被管理产品之间的安全通信的客户端组件。 McAfee Agent中存在权限提升漏洞。该漏洞源于错误的程序对高级本地过程的调用。攻击者可利用该漏洞使用本地用户通过从受损文件夹中执行来执行任意代码并提升特权。

Severity

中

Patch Name

McAfee Agent权限提升漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kc.mcafee.com/corporate/index?page=content&id;=SB10325

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7312

Impacted products

Name
Mcafee McAfee Agent

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7312",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-7312"
    }
  },
  "description": "McAfee Agent\uff08MA\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u4e86ePolicy Orchestrator\uff08\u6740\u6bd2\u8f6f\u4ef6\u7ba1\u7406\u5e73\u53f0\uff09\u4e0e\u88ab\u7ba1\u7406\u4ea7\u54c1\u4e4b\u95f4\u7684\u5b89\u5168\u901a\u4fe1\u7684\u5ba2\u6237\u7aef\u7ec4\u4ef6\u3002\n\nMcAfee Agent\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u7a0b\u5e8f\u5bf9\u9ad8\u7ea7\u672c\u5730\u8fc7\u7a0b\u7684\u8c03\u7528\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u672c\u5730\u7528\u6237\u901a\u8fc7\u4ece\u53d7\u635f\u6587\u4ef6\u5939\u4e2d\u6267\u884c\u6765\u6267\u884c\u4efb\u610f\u4ee3\u7801\u5e76\u63d0\u5347\u7279\u6743\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id;=SB10325",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-51799",
  "openTime": "2020-09-14",
  "patchDescription": "McAfee Agent\uff08MA\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u4e86ePolicy Orchestrator\uff08\u6740\u6bd2\u8f6f\u4ef6\u7ba1\u7406\u5e73\u53f0\uff09\u4e0e\u88ab\u7ba1\u7406\u4ea7\u54c1\u4e4b\u95f4\u7684\u5b89\u5168\u901a\u4fe1\u7684\u5ba2\u6237\u7aef\u7ec4\u4ef6\u3002\r\n\r\nMcAfee Agent\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u7a0b\u5e8f\u5bf9\u9ad8\u7ea7\u672c\u5730\u8fc7\u7a0b\u7684\u8c03\u7528\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u672c\u5730\u7528\u6237\u901a\u8fc7\u4ece\u53d7\u635f\u6587\u4ef6\u5939\u4e2d\u6267\u884c\u6765\u6267\u884c\u4efb\u610f\u4ee3\u7801\u5e76\u63d0\u5347\u7279\u6743\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Agent\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Mcafee McAfee Agent"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7312",
  "serverity": "\u4e2d",
  "submitTime": "2020-09-12",
  "title": "McAfee Agent\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2020-7312 (GCVE-0-2020-7312)

Vulnerability from cvelistv5 – Published: 2020-09-10 09:45 – Updated: 2024-09-17 02:31

Title

DLL Search Order Hijacking in MA for Windows

Summary

DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-427 - Uncontrolled Search Path Element

Assigner

trellix

References

URL

Tags

https://kc.mcafee.com/corporate/index?page=conten…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	McAfee LLC	MA for Windows	Affected: 5.6.x , < 5.6.6 (custom)

Credits

McAfee credits Andrew Hess (any1) for responsibly reporting this flaw.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:49.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10325"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MA for Windows",
          "vendor": "McAfee LLC",
          "versions": [
            {
              "lessThan": "5.6.6",
              "status": "affected",
              "version": "5.6.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "McAfee credits Andrew Hess (any1) for responsibly reporting this flaw."
        }
      ],
      "datePublic": "2020-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-10T09:45:15",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10325"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DLL Search Order Hijacking in MA for Windows",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "DATE_PUBLIC": "2020-09-09T00:00:00.000Z",
          "ID": "CVE-2020-7312",
          "STATE": "PUBLIC",
          "TITLE": "DLL Search Order Hijacking in MA for Windows"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MA for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.6.x",
                            "version_value": "5.6.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee LLC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "McAfee credits Andrew Hess (any1) for responsibly reporting this flaw."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427 Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10325",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10325"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2020-7312",
    "datePublished": "2020-09-10T09:45:15.974769Z",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-09-17T02:31:47.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-51799

CVE-2020-7312 (GCVE-0-2020-7312)

Tags

Sightings

Nomenclature