CVE-2020-7254: Privilege escalation in Advanced Threat Defense
First published: Thu Mar 12 2020(Updated: )
Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Advanced Threat Defense | >=4.0<4.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Privilege Escalation vulnerability in McAfee Advanced Threat Defense?
The vulnerability ID for the Privilege Escalation vulnerability in McAfee Advanced Threat Defense is CVE-2020-7254.
What is the severity of CVE-2020-7254?
The severity of CVE-2020-7254 is high (7.8).
How does the Privilege Escalation vulnerability in McAfee Advanced Threat Defense occur?
The Privilege Escalation vulnerability in McAfee Advanced Threat Defense occurs due to improper access controls on the sudo command.
What is the affected software for CVE-2020-7254?
The affected software for CVE-2020-7254 is McAfee Advanced Threat Defense 4.x prior to 4.8.2.
Is there a fix available for CVE-2020-7254?
Yes, a fix for CVE-2020-7254 is available in McAfee Advanced Threat Defense version 4.8.2 and onwards.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee advanced threat defense
- version/mcafee advanced threat defense/4.0