CVE-2020-7335 HIGH

CVE-2020-7335: Privilege Escalation vulnerability in McAfee Total Protection (MTP)

Vendor Mcafee,Llc
Product McAfee Total Protection (MTP)
Weakness CWE-269
Published December 1, 2020
Last update August 4, 2024
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window.

Key dates

02Disclosure timeline

December 1, 2020 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-6897 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Update via 'wishlistmember_team_accounts_save_settings' AJAX action CVE-2023-37866 WordPress JetFormBuilder plugin <= 3.0.8 - Authenticated Privilege Escalation vulnerability CVE-2025-9966 Execution with Unnecessary Privileges CVE-2024-5759 Improper privilege management CVE-2024-6325 Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services