Vulnerability-Lookup

CVE-2020-7284 (GCVE-0-2020-7284)

Vulnerability from cvelistv5 – Published: 2020-07-03 18:40 – Updated: 2024-08-04 09:25

Title

Network Security Management (NSM) - Exposure of Sensitive Information

Summary

Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-200 - Information Exposure

Assigner

trellix

References

URL

Tags

https://kc.mcafee.com/corporate/index?page=conten…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	McAfee	Network Security Management (NSM)	Affected: unspecified , < 10.1.7.7 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:48.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Network Security Management (NSM)",
          "vendor": "McAfee",
          "versions": [
            {
              "lessThan": "10.1.7.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-03T18:40:12",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322"
        }
      ],
      "source": {
        "advisory": "SB10322",
        "discovery": "EXTERNAL"
      },
      "title": "Network Security Management (NSM) - Exposure of Sensitive Information ",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2020-7284",
          "STATE": "PUBLIC",
          "TITLE": "Network Security Management (NSM) - Exposure of Sensitive Information "
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Network Security Management (NSM)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "10.1.7.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI)."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322",
              "refsource": "MISC",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322"
            }
          ]
        },
        "source": {
          "advisory": "SB10322",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2020-7284",
    "datePublished": "2020-07-03T18:40:12",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:25:48.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:network_security_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0\", \"versionEndExcluding\": \"9.2.9.55\", \"matchCriteriaId\": \"D494C16E-EC29-4191-8D44-F04B2C54F44C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:network_security_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0\", \"versionEndExcluding\": \"10.1.7.7\", \"matchCriteriaId\": \"6F2E496C-D7FB-4BD5-A88C-D307A00F60D8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).\"}, {\"lang\": \"es\", \"value\": \"Una exposici\\u00f3n de informaci\\u00f3n confidencial en McAfee Network Security Management (NSM) versiones anteriores a 10.1.7.7, permite a usuarios locales conseguir acceso no autorizado a la cuenta root mediante la ejecuci\\u00f3n de comandos cuidadosamente dise\\u00f1ados desde la interfaz de l\\u00ednea de comandos (CLI) restringida\"}]",
      "id": "CVE-2020-7284",
      "lastModified": "2024-11-21T05:36:59.290",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"trellixpsirt@trellix.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-07-03T19:15:10.623",
      "references": "[{\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322\", \"source\": \"trellixpsirt@trellix.com\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "trellixpsirt@trellix.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"trellixpsirt@trellix.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-7284\",\"sourceIdentifier\":\"trellixpsirt@trellix.com\",\"published\":\"2020-07-03T19:15:10.623\",\"lastModified\":\"2024-11-21T05:36:59.290\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).\"},{\"lang\":\"es\",\"value\":\"Una exposici\u00f3n de informaci\u00f3n confidencial en McAfee Network Security Management (NSM) versiones anteriores a 10.1.7.7, permite a usuarios locales conseguir acceso no autorizado a la cuenta root mediante la ejecuci\u00f3n de comandos cuidadosamente dise\u00f1ados desde la interfaz de l\u00ednea de comandos (CLI) restringida\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:network_security_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.2.9.55\",\"matchCriteriaId\":\"D494C16E-EC29-4191-8D44-F04B2C54F44C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:network_security_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.1.7.7\",\"matchCriteriaId\":\"6F2E496C-D7FB-4BD5-A88C-D307A00F60D8\"}]}]}],\"references\":[{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322\",\"source\":\"trellixpsirt@trellix.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CNVD-2020-50498

Vulnerability from cnvd - Published: 2020-09-03

Title

McAfee Network Security Management信息泄露漏洞（CNVD-2020-50498）

Description

McAfee Network Security Management（NSM）是美国迈克菲（McAfee）公司的一套能够实时监控整个网络中已部署的迈克菲入侵防护系统的网络安全解决方案。 McAfee NSM 10.1.7.7 之前版本中存在信息泄露漏洞。本地攻击者可借助特制命令利用该漏洞对root账户进行未授权访问。

Severity

高

Patch Name

McAfee Network Security Management信息泄露漏洞（CNVD-2020-50498）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://kc.mcafee.com/corporate/index?page=content&id=SB10322

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7284

Impacted products

Name
McAfee Network Security Management <10.1.7.7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7284"
    }
  },
  "description": "McAfee Network Security Management\uff08NSM\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u80fd\u591f\u5b9e\u65f6\u76d1\u63a7\u6574\u4e2a\u7f51\u7edc\u4e2d\u5df2\u90e8\u7f72\u7684\u8fc8\u514b\u83f2\u5165\u4fb5\u9632\u62a4\u7cfb\u7edf\u7684\u7f51\u7edc\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\n\nMcAfee NSM 10.1.7.7 \u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9root\u8d26\u6237\u8fdb\u884c\u672a\u6388\u6743\u8bbf\u95ee\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-50498",
  "openTime": "2020-09-03",
  "patchDescription": "McAfee Network Security Management\uff08NSM\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u80fd\u591f\u5b9e\u65f6\u76d1\u63a7\u6574\u4e2a\u7f51\u7edc\u4e2d\u5df2\u90e8\u7f72\u7684\u8fc8\u514b\u83f2\u5165\u4fb5\u9632\u62a4\u7cfb\u7edf\u7684\u7f51\u7edc\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nMcAfee NSM 10.1.7.7 \u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9root\u8d26\u6237\u8fdb\u884c\u672a\u6388\u6743\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Network Security Management\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-50498\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "McAfee Network Security Management \u003c10.1.7.7"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7284",
  "serverity": "\u9ad8",
  "submitTime": "2020-07-06",
  "title": "McAfee Network Security Management\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-50498\uff09"
}

FKIE_CVE-2020-7284

Vulnerability from fkie_nvd - Published: 2020-07-03 19:15 - Updated: 2024-11-21 05:36

Severity ?

8.6 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	trellixpsirt@trellix.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10322
	af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10322

Impacted products

	Vendor	Product	Version
	mcafee	network_security_management	*
	mcafee	network_security_management	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:network_security_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D494C16E-EC29-4191-8D44-F04B2C54F44C",
              "versionEndExcluding": "9.2.9.55",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:network_security_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2E496C-D7FB-4BD5-A88C-D307A00F60D8",
              "versionEndExcluding": "10.1.7.7",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI)."
    },
    {
      "lang": "es",
      "value": "Una exposici\u00f3n de informaci\u00f3n confidencial en McAfee Network Security Management (NSM) versiones anteriores a 10.1.7.7, permite a usuarios locales conseguir acceso no autorizado a la cuenta root mediante la ejecuci\u00f3n de comandos cuidadosamente dise\u00f1ados desde la interfaz de l\u00ednea de comandos (CLI) restringida"
    }
  ],
  "id": "CVE-2020-7284",
  "lastModified": "2024-11-21T05:36:59.290",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 6.0,
        "source": "trellixpsirt@trellix.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-03T19:15:10.623",
  "references": [
    {
      "source": "trellixpsirt@trellix.com",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322"
    }
  ],
  "sourceIdentifier": "trellixpsirt@trellix.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "trellixpsirt@trellix.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-7284

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-7284

Aliases

CVE-2020-7284

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-7284",
    "description": "Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).",
    "id": "GSD-2020-7284"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-7284"
      ],
      "details": "Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).",
      "id": "GSD-2020-7284",
      "modified": "2023-12-13T01:21:51.604373Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@mcafee.com",
        "ID": "CVE-2020-7284",
        "STATE": "PUBLIC",
        "TITLE": "Network Security Management (NSM) - Exposure of Sensitive Information "
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Network Security Management (NSM)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "10.1.7.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "McAfee"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI)."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-200 Information Exposure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322",
            "refsource": "MISC",
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322"
          }
        ]
      },
      "source": {
        "advisory": "SB10322",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:network_security_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.9.55",
                "versionStartIncluding": "9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:network_security_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.1.7.7",
                "versionStartIncluding": "10.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2020-7284"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-10-19T12:52Z",
      "publishedDate": "2020-07-03T19:15Z"
    }
  }
}

GHSA-RH8V-QC8W-7RJ2

Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-7284"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-03T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).",
  "id": "GHSA-rh8v-qc8w-7rj2",
  "modified": "2022-05-24T17:22:23Z",
  "published": "2022-05-24T17:22:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7284"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10322"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-7284 (GCVE-0-2020-7284)

CNVD-2020-50498

FKIE_CVE-2020-7284

GSD-2020-7284

GHSA-RH8V-QC8W-7RJ2

Tags

Sightings

Nomenclature