Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for True Key by McAfee

    CVE-2018-6757 (GCVE-0-2018-6757)

    Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Privilege Escalation vulnerability
    Summary
    Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
    CWE
    • Privilege Escalation vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.374Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Privilege Escalation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6757",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Privilege Escalation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6757",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6756 (GCVE-0-2018-6756)

    Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Authentication Abuse vulnerability
    Summary
    Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
    CWE
    • Authentication Abuse vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Abuse vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Authentication Abuse vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6756",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Authentication Abuse vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Abuse vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6756",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6755 (GCVE-0-2018-6755)

    Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Weak Directory Permission Vulnerability
    Summary
    Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
    CWE
    • Weak Directory Permission Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Weak Directory Permission\u00a0Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6755",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Weak Directory Permission\u00a0Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6755",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6661 (GCVE-0-2018-6661)

    Vulnerability from nvd – Published: 2018-04-02 13:00 – Updated: 2024-09-16 18:13
    VLAI
    Title
    TS102801 True Key DLL Side-Loading vulnerability
    Summary
    DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
    CWE
    • DLL Side-Loading vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 4.20.110 , < 4.20.110 (custom)
    Create a notification for this product.
    Date Public
    2018-03-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "4.20.110",
                  "status": "affected",
                  "version": "4.20.110",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Side-Loading vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-02T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
            }
          ],
          "source": {
            "advisory": "TS102801",
            "discovery": "EXTERNAL"
          },
          "title": "TS102801 True Key DLL Side-Loading vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2018-03-31T00:00:00.000Z",
              "ID": "CVE-2018-6661",
              "STATE": "PUBLIC",
              "TITLE": "TS102801 True Key DLL Side-Loading vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.20.110",
                                "version_value": "4.20.110"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Side-Loading vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
                }
              ]
            },
            "source": {
              "advisory": "TS102801",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6661",
        "datePublished": "2018-04-02T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:31.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6756 (GCVE-0-2018-6756)

    Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Authentication Abuse vulnerability
    Summary
    Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
    CWE
    • Authentication Abuse vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Abuse vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Authentication Abuse vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6756",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Authentication Abuse vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Abuse vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6756",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6757 (GCVE-0-2018-6757)

    Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Privilege Escalation vulnerability
    Summary
    Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
    CWE
    • Privilege Escalation vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.374Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Privilege Escalation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6757",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Privilege Escalation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6757",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6755 (GCVE-0-2018-6755)

    Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Weak Directory Permission Vulnerability
    Summary
    Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
    CWE
    • Weak Directory Permission Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Weak Directory Permission\u00a0Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6755",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Weak Directory Permission\u00a0Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6755",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6661 (GCVE-0-2018-6661)

    Vulnerability from cvelistv5 – Published: 2018-04-02 13:00 – Updated: 2024-09-16 18:13
    VLAI
    Title
    TS102801 True Key DLL Side-Loading vulnerability
    Summary
    DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
    CWE
    • DLL Side-Loading vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 4.20.110 , < 4.20.110 (custom)
    Create a notification for this product.
    Date Public
    2018-03-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "4.20.110",
                  "status": "affected",
                  "version": "4.20.110",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Side-Loading vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-02T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
            }
          ],
          "source": {
            "advisory": "TS102801",
            "discovery": "EXTERNAL"
          },
          "title": "TS102801 True Key DLL Side-Loading vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2018-03-31T00:00:00.000Z",
              "ID": "CVE-2018-6661",
              "STATE": "PUBLIC",
              "TITLE": "TS102801 True Key DLL Side-Loading vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.20.110",
                                "version_value": "4.20.110"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Side-Loading vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
                }
              ]
            },
            "source": {
              "advisory": "TS102801",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6661",
        "datePublished": "2018-04-02T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:31.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }