CVE-2020-7252 MEDIUM

CVE-2020-7252: Unquoted service executable path

Vendor Mcafee, Llc

Product Data Exchange Layer (DXL) Broker

Weakness CWE-250

Published February 17, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

4.2/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.

Key dates

02Disclosure timeline

February 17, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-7252 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/250.html

Related vulnerabilities

Identifiers

CVE CVE-2020-7252

CWE CWE-250

CVSS 4.2 / MEDIUM

Affected versions

Vendor Mcafee, Llc

Product Data Exchange Layer (DXL) Broker

Affected ≥ 6.0.x and ≤ 6.0.0

Vendor Mcafee, Llc

Product Data Exchange Layer (DXL) Broker

Affected ≥ 5.0.x and ≤ 5.0.2

CVE-2020-7252: Unquoted service executable path

01Description

02Disclosure timeline

03References

04Related CVE