PT-2020-6160 · Mcafee · Mcafee Total Protection

Published

2020-08-19

Updated

2020-12-08

CVE-2020-7335

CVSS v3.1

7.8

High

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions McAfee Total Protection versions prior to 16.0.29

Description The issue is related to a lack of proper access control in McAfee Total Protection, allowing local users to elevate their privileges. This can be achieved through careful manipulation of a folder by creating a junction link, exploiting a timing issue that lacks protection. The exploitation window for this issue is small.

Recommendations For versions prior to 16.0.29, update to version 16.0.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the folder that can be manipulated to create a junction link, to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2021-03219

CVE-2020-7335

ZDI-20-1388

Affected Products

Mcafee Total Protection

PT-2020-6160 · Mcafee · Mcafee Total Protection

CVE-2020-7335

Weakness Enumeration

Related Identifiers

Affected Products

References · 9