CVE-2020-7284 Vulnerability Details

  /     /     /  

CVE-2020-7284 Metadata Quick Info

CVE Published: 03/07/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: trellix | Vendor: McAfee | Product: Network Security Management (NSM)
Status : PUBLISHED

CVE-2020-7284 Description

Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).

Metrics

CVSS Version: 3.1 | Base Score: 8.6 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: CWE-200 Information Exposure
Source: McAfee

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: