Description
Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- Attack Vector
- local
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-269NVD-CWE-noinfo
Metadata
- Primary Vendor
- MCAFEE
- Published
- 1/4/2022
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
mcafee : application_and_change_control
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.