CVE-2020-7283

EPSS 0.34%
Veröffentlicht 03.07.2020 14:15:10
Zuletzt bearbeitet 21.11.2024 05:36:59
Quelle trellixpsirt@trellix.com
CVE-Watchlists
Login
Unerledigt
Login

Privilege Escalation vulnerability in McAfee Total Protection (MTP)

Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mcafee ≫ Total Protection Version < 16.0.r26

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.536

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
trellixpsirt@trellix.com	7.5	1.1	5.8	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-274 Improper Handling of Insufficient Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS103062

https://nvd.nist.gov/vuln/detail/CVE-2020-7283

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7283

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7283

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-7283