Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Mcafee Application and Change Control (MACC) by McAfee, LLC

    CVE-2020-7260 (GCVE-0-2020-7260)

    Vulnerability from nvd – Published: 2020-03-26 10:55 – Updated: 2024-09-17 02:51
    VLAI
    Title
    MACC installer DLL side loading
    Summary
    DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee, LLC Mcafee Application and Change Control (MACC) Affected: 8.x , < 8.3 (custom)
    Affected: 8.2.x , < 8.2.6 (custom)
    Create a notification for this product.
    Date Public
    2020-03-24 00:00
    Credits
    McAfee credits Pierre-Alexandre Braeken twitter: @pabraeken for responsibly disclosing this vulnerability to McAfee.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:48.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10313"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mcafee Application and Change Control (MACC)",
              "vendor": "McAfee, LLC",
              "versions": [
                {
                  "lessThan": "8.3",
                  "status": "affected",
                  "version": "8.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.6",
                  "status": "affected",
                  "version": "8.2.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee credits Pierre-Alexandre Braeken twitter: @pabraeken for responsibly disclosing this vulnerability to McAfee."
            }
          ],
          "datePublic": "2020-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-26T10:55:13.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10313"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MACC installer DLL side loading",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2020-03-24T00:00:00.000Z",
              "ID": "CVE-2020-7260",
              "STATE": "PUBLIC",
              "TITLE": "MACC installer DLL side loading"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mcafee Application and Change Control (MACC)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.x",
                                "version_value": "8.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.2.x",
                                "version_value": "8.2.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee, LLC"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee credits Pierre-Alexandre Braeken twitter: @pabraeken for responsibly disclosing this vulnerability to McAfee."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10313",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10313"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2020-7260",
        "datePublished": "2020-03-26T10:55:14.038Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:51:46.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7260 (GCVE-0-2020-7260)

    Vulnerability from cvelistv5 – Published: 2020-03-26 10:55 – Updated: 2024-09-17 02:51
    VLAI
    Title
    MACC installer DLL side loading
    Summary
    DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee, LLC Mcafee Application and Change Control (MACC) Affected: 8.x , < 8.3 (custom)
    Affected: 8.2.x , < 8.2.6 (custom)
    Create a notification for this product.
    Date Public
    2020-03-24 00:00
    Credits
    McAfee credits Pierre-Alexandre Braeken twitter: @pabraeken for responsibly disclosing this vulnerability to McAfee.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:48.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10313"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mcafee Application and Change Control (MACC)",
              "vendor": "McAfee, LLC",
              "versions": [
                {
                  "lessThan": "8.3",
                  "status": "affected",
                  "version": "8.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.6",
                  "status": "affected",
                  "version": "8.2.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee credits Pierre-Alexandre Braeken twitter: @pabraeken for responsibly disclosing this vulnerability to McAfee."
            }
          ],
          "datePublic": "2020-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-26T10:55:13.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10313"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MACC installer DLL side loading",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2020-03-24T00:00:00.000Z",
              "ID": "CVE-2020-7260",
              "STATE": "PUBLIC",
              "TITLE": "MACC installer DLL side loading"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mcafee Application and Change Control (MACC)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.x",
                                "version_value": "8.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.2.x",
                                "version_value": "8.2.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee, LLC"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee credits Pierre-Alexandre Braeken twitter: @pabraeken for responsibly disclosing this vulnerability to McAfee."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10313",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10313"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2020-7260",
        "datePublished": "2020-03-26T10:55:14.038Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:51:46.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }