Vulnerability CVE-2020-7335


Published: 2020-12-01

Description:
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window.

Type:

CWE-269

(Improper Privilege Management)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Mcafee -> Total protection 

 References:
http://service.mcafee.com/FAQDocument.aspx?&id=TS103089
https://www.zerodayinitiative.com/advisories/ZDI-20-1388/

Copyright 2024, cxsecurity.com

 

Back to Top