Vulnerability Details : CVE-2014-9920
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.
Vulnerability category: BypassGain privilege
Products affected by CVE-2014-9920
- cpe:2.3:a:mcafee:application_control:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:application_control:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:application_control:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:application_control:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:application_control:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:application_control:6.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-9920
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-9920
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2014-9920
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9920
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10077
McAfee Security Bulletin - McAfee Application Control updates resolve unauthorized execution of binary vulnerability (CVE-2014-9920)Vendor Advisory
Jump to