CVE-2020-7312

HIGH

Mcafee Agent < 5.6.6 - Uncontrolled Search Path

Title source: rule

Description

DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10325

Scores

CVSS v3 7.8

EPSS 0.0005

EPSS Percentile 15.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

mcafee/mcafee_agent < 5.6.6

Timeline

Published Sep 10, 2020

Tracked Since Feb 18, 2026