CVE-2013-7460

A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10054	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mcafee:application_control::::::linux::*
	cpe:2.3:a:mcafee:change_control::::::linux::*

History

No history.

Information

Published : 2017-03-14 22:59

Updated : 2024-02-28 15:44

NVD link : CVE-2013-7460

Mitre link : CVE-2013-7460

CVE.ORG link : CVE-2013-7460

JSON object : View

Products Affected

mcafee

change_control
application_control

CWE

CWE-284

Improper Access Control

{"id": "CVE-2013-7460", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2017-03-14T22:59:00.180", "references": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10054", "tags": ["Patch", "Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions."}, {"lang": "es", "value": "Una vulnerabilidad de elusi\u00f3n de protecci\u00f3n de escritura y ejecuci\u00f3n en McAfee (ahora Intel Security) Application Control (MAC) 6.1.0 para Linux y versiones anteriores permite a usuarios autenticados cambiar los binarios que forman parte de la lista blanca de Application Control y permite ejecuci\u00f3n de binarios a trav\u00e9s de condiciones espec\u00edficas."}], "lastModified": "2017-03-17T13:23:35.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:application_control:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "70954478-492A-4133-B9C2-763E58B39C2A", "versionEndIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:mcafee:change_control:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "1FA809D9-F44D-46C8-9663-02E75574CC51", "versionEndIncluding": "6.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}