Vulnerability Details : CVE-2020-7346
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low-privileged attacker, through the use of junctions, to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOCTL command at the correct time.
Vulnerability category: Gain privilege
Products affected by CVE-2020-7346
- cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-7346
- 0.04%: probability of exploitation activity in the next 30 days
- ~6%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2020-7346
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | McAfee (DEFUNCT) | |
CWE ids for CVE-2020-7346
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
  Assigned by:
  - nvd@nist.gov (Secondary)
  - psirt@mcafee.com (Primary)
References for CVE-2020-7346
- https://kc.mcafee.com/corporate/index?page=content&id=SB10344
  McAfee Security Bulletin - Data Loss Prevention for Windows update fixes one vulnerability (CVE-2020-7346) (Patch; Vendor Advisory)