CVE-2020-7334 HIGH

CVE-2020-7334: Improper privilege assignment vulnerability in the installer component of MACC

Vendor Mcafee,Llc
Product McAfee Application and Change Control (MACC)
Weakness CWE-266
Published October 15, 2020
Last update September 16, 2024

CVSS base score

7.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software.

Key dates

02Disclosure timeline

October 15, 2020 CVE published
September 16, 2024 Record updated