Lucene search

K
cveTrellixCVE-2023-0221
HistoryJan 13, 2023 - 4:15 p.m.

CVE-2023-0221

2023-01-1316:15:08
CWE-269
trellix
web.nvd.nist.gov
24
cve-2023-0221
product security
bypass vulnerability
acc
utilman
administrator privileges

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

4.8

Confidence

High

EPSS

0

Percentile

12.6%

Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.

Affected configurations

Nvd
Node
mcafeeapplication_and_change_controlRange<8.3.4
VendorProductVersionCPE
mcafeeapplication_and_change_control*cpe:2.3:a:mcafee:application_and_change_control:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Application and Change Control",
    "vendor": "Trellix",
    "versions": [
      {
        "lessThan": "8.3.4",
        "status": "affected",
        "version": "8.x",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

4.8

Confidence

High

EPSS

0

Percentile

12.6%

Related for CVE-2023-0221