Vulnerability-Lookup

CVE-2020-7265 (GCVE-0-2020-7265)

Vulnerability from cvelistv5 – Published: 2020-05-08 11:50 – Updated: 2024-09-16 20:42

Title

Privilege Escalation vulnerability through symbolic links in ENSM

Summary

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-274 - Improper Handling of Insufficient Privileges

Assigner

trellix

References

URL

Tags

https://kc.mcafee.com/corporate/index?page=conten…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	McAfee,LLC	McAfee Endpoint Security (ENS) for Mac	Affected: 10.6.x , ≤ 10.6.9 (custom)

Credits

Rack911 Labs discovered this vulnerability.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:48.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "McAfee Endpoint Security (ENS) for Mac",
          "vendor": "McAfee,LLC",
          "versions": [
            {
              "lessThanOrEqual": "10.6.9",
              "status": "affected",
              "version": "10.6.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Rack911 Labs discovered this vulnerability."
        }
      ],
      "datePublic": "2020-05-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-274",
              "description": "CWE-274 Improper Handling of Insufficient Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-08T11:50:14.000Z",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Privilege Escalation vulnerability through symbolic links in ENSM",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "DATE_PUBLIC": "2020-05-07T00:00:00.000Z",
          "ID": "CVE-2020-7265",
          "STATE": "PUBLIC",
          "TITLE": "Privilege Escalation vulnerability through symbolic links in ENSM"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "McAfee Endpoint Security (ENS) for Mac",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "10.6.x",
                            "version_value": "10.6.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee,LLC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Rack911 Labs discovered this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-274 Improper Handling of Insufficient Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2020-7265",
    "datePublished": "2020-05-08T11:50:14.514Z",
    "dateReserved": "2020-01-21T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:42:09.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CNVD-2020-35369

Vulnerability from cnvd - Published: 2020-06-30

Title

McAfee Endpoint Security提权漏洞

Description

McAfee Endpoint Security（ENS）是美国迈克菲（McAfee）公司的一套提供智能协作和先进的威胁防御的框架。该框架支持对实时通信的整个威胁防御生命周期进行控制并进行可操作的威胁取证等。 McAfee ENS 10.6.9之前版本（Mac）中存在提权漏洞。本地攻击者可借助符号链接来重定向McAfee删除操作利用该漏洞删除被限制的文件。

Severity

低

Patch Name

McAfee Endpoint Security提权漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://kc.mcafee.com/corporate/index?page=content&id=SB10316

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7265

Impacted products

Name
McAfee Endpoint Security (ENS) <10.6.9

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7265"
    }
  },
  "description": "McAfee Endpoint Security\uff08ENS\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u667a\u80fd\u534f\u4f5c\u548c\u5148\u8fdb\u7684\u5a01\u80c1\u9632\u5fa1\u7684\u6846\u67b6\u3002\u8be5\u6846\u67b6\u652f\u6301\u5bf9\u5b9e\u65f6\u901a\u4fe1\u7684\u6574\u4e2a\u5a01\u80c1\u9632\u5fa1\u751f\u547d\u5468\u671f\u8fdb\u884c\u63a7\u5236\u5e76\u8fdb\u884c\u53ef\u64cd\u4f5c\u7684\u5a01\u80c1\u53d6\u8bc1\u7b49\u3002\n\nMcAfee ENS 10.6.9\u4e4b\u524d\u7248\u672c\uff08Mac\uff09\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7b26\u53f7\u94fe\u63a5\u6765\u91cd\u5b9a\u5411McAfee\u5220\u9664\u64cd\u4f5c\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u88ab\u9650\u5236\u7684\u6587\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-35369",
  "openTime": "2020-06-30",
  "patchDescription": "McAfee Endpoint Security\uff08ENS\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u667a\u80fd\u534f\u4f5c\u548c\u5148\u8fdb\u7684\u5a01\u80c1\u9632\u5fa1\u7684\u6846\u67b6\u3002\u8be5\u6846\u67b6\u652f\u6301\u5bf9\u5b9e\u65f6\u901a\u4fe1\u7684\u6574\u4e2a\u5a01\u80c1\u9632\u5fa1\u751f\u547d\u5468\u671f\u8fdb\u884c\u63a7\u5236\u5e76\u8fdb\u884c\u53ef\u64cd\u4f5c\u7684\u5a01\u80c1\u53d6\u8bc1\u7b49\u3002\r\n\r\nMcAfee ENS 10.6.9\u4e4b\u524d\u7248\u672c\uff08Mac\uff09\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7b26\u53f7\u94fe\u63a5\u6765\u91cd\u5b9a\u5411McAfee\u5220\u9664\u64cd\u4f5c\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u88ab\u9650\u5236\u7684\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Endpoint Security\u63d0\u6743\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "McAfee Endpoint Security (ENS) \u003c10.6.9"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7265",
  "serverity": "\u4f4e",
  "submitTime": "2020-05-09",
  "title": "McAfee Endpoint Security\u63d0\u6743\u6f0f\u6d1e"
}

GHSA-M258-8C72-M4V5

Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2022-05-24 17:17

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-7265"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-08T12:15:00Z",
    "severity": "LOW"
  },
  "details": "Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.",
  "id": "GHSA-m258-8c72-m4v5",
  "modified": "2022-05-24T17:17:31Z",
  "published": "2022-05-24T17:17:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7265"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-7265

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-7265

Aliases

CVE-2020-7265

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-7265",
    "description": "Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.",
    "id": "GSD-2020-7265"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-7265"
      ],
      "details": "Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.",
      "id": "GSD-2020-7265",
      "modified": "2023-12-13T01:21:51.741921Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@mcafee.com",
        "DATE_PUBLIC": "2020-05-07T00:00:00.000Z",
        "ID": "CVE-2020-7265",
        "STATE": "PUBLIC",
        "TITLE": "Privilege Escalation vulnerability through symbolic links in ENSM"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "McAfee Endpoint Security (ENS) for Mac",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "10.6.x",
                          "version_value": "10.6.9"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "McAfee,LLC"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Rack911 Labs discovered this vulnerability."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-274 Improper Handling of Insufficient Privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316",
            "refsource": "CONFIRM",
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:endpoint_security:*:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.6.9",
                "versionStartIncluding": "10.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2020-7265"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.0,
          "impactScore": 5.8
        }
      },
      "lastModifiedDate": "2020-05-18T20:01Z",
      "publishedDate": "2020-05-08T12:15Z"
    }
  }
}

FKIE_CVE-2020-7265

Vulnerability from fkie_nvd - Published: 2020-05-08 12:15 - Updated: 2024-11-21 05:36

Severity ?

8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Summary

References

	URL	Tags
	trellixpsirt@trellix.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10316
	af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10316

Impacted products

	Vendor	Product	Version
	mcafee	endpoint_security	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:endpoint_security:*:*:*:*:*:macos:*:*",
              "matchCriteriaId": "176ADB90-D9B5-4AA1-A42E-5E75C980C2EF",
              "versionEndExcluding": "10.6.9",
              "versionStartIncluding": "10.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Escalada de Privilegios en McAfee Endpoint Security (ENS) para Mac versiones anteriores a 10.6.9, permite a usuarios locales eliminar archivos a los que de otro modo el usuario no tendr\u00eda acceso por medio de la manipulaci\u00f3n de enlaces simb\u00f3licos para redireccionar una acci\u00f3n de eliminaci\u00f3n de McAfee hacia un archivo no deseado. Esto es logrado por medio de la ejecuci\u00f3n de un script o programa malicioso en la m\u00e1quina objetivo."
    }
  ],
  "id": "CVE-2020-7265",
  "lastModified": "2024-11-21T05:36:57.337",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "trellixpsirt@trellix.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-08T12:15:12.160",
  "references": [
    {
      "source": "trellixpsirt@trellix.com",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10316"
    }
  ],
  "sourceIdentifier": "trellixpsirt@trellix.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-274"
        }
      ],
      "source": "trellixpsirt@trellix.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-7265 (GCVE-0-2020-7265)

CNVD-2020-35369

GHSA-M258-8C72-M4V5

GSD-2020-7265

FKIE_CVE-2020-7265

Tags

Sightings

Nomenclature