CVE-2020-7343

CWE-862 — Missing Authorization3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 64.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee, LLC Mcafee Agent Mcafee Agent

Timeline

PublishedJan 18

Latest updateMay 24

Description

Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmcafee/agent< 5.7.1

▶CVEListV5mcafee,_llc/mcafee_agent5.7.x — 5.7.1

🔴Vulnerability Details

GHSA

GHSA-v42c-5jq2-7p9m: Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5↗2022-05-24

▶

CVEList

Improper Authorization vulnerability in MA↗2021-01-18

▶