Incorrect Privilege Assignment

CVE-2020-7334

High

7.7/10

Summary

Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-266 - Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References

Advisory Timeline

Published Oct 15, 2020

Incorrect Privilege Assignment

CVE-2020-7334

Summary

CWE-266 - Incorrect Privilege Assignment

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS