Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via…
trellix·CWE-274·Published 2020-07-03
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.
Una vulnerabilidad de escalada de privilegios en McAfee Total Protection (MTP) versiones anteriores a 16.0.R26, permite a usuarios locales crear y editar archivos mediante la manipulación de enlaces simbólicos en una ubicación a la que de otra manera no tendrían acceso. Esto es logrado mediante la ejecución de un script o programa malicioso en la máquina objetivo
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.6 | 3.9 | 6.4 | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| 3.1 | Primary | NVD | 8.8 | 2.0 | 6.0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | Primary | cve.org | 7.5 | — | — | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H |
| 3.1 | Primary | cve.org | 7.5 | — | — | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H |
| 3.1 | Secondary | NVD | 7.5 | 1.1 | 5.8 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H |