CVE-2020-7343
MEDIUMMcAfee Agent < 5.7.1 - Missing Authorization for Update Blocking via Temporary Directory Manipulation
Title source: llmDescription
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
References (1)
Core 1
Core References
Broken Link, Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10343
Scores
CVSS v3
5.5
EPSS
0.0015
EPSS Percentile
35.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-862
Status
published
Products (1)
mcafee/agent
< 5.7.1
Published
Jan 18, 2021
Tracked Since
Feb 18, 2026