CVE-2014-9920Improper Access Control in Intel Mcafee Application Control

CWE-284Improper Access Control4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.4%
top 40.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Intel Mcafee Application ControlMcafee Application Control
Timeline
PublishedMar 14
Latest updateMay 17

Description

Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5intel/mcafee_application_control6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier
NVDmcafee/application_control6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-2vwx-95mp-76h9: Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 62022-05-17
CVEList
CVE-2014-9920: Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 62017-03-14

💬Community

1
Bugzilla
CVE-2014-6421 CVE-2014-6422 wireshark: RTP dissector crash (wnpa-sec-2014-12)2014-09-17
CVE-2014-9920 — Improper Access Control in Intel | cvebase