CVE-2013-7461

A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10054	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mcafee:application_control::::::linux::*
	cpe:2.3:a:mcafee:change_control::::::linux::*

History

No history.

Information

Published : 2017-03-14 22:59

Updated : 2024-02-28 15:44

NVD link : CVE-2013-7461

Mitre link : CVE-2013-7461

CVE.ORG link : CVE-2013-7461

JSON object : View

Products Affected

mcafee

change_control
application_control

CWE

CWE-284

Improper Access Control

{"id": "CVE-2013-7461", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2017-03-14T22:59:00.227", "references": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10054", "tags": ["Patch", "Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions."}, {"lang": "es", "value": "Una vulnerabilidad de elusi\u00f3n de protecci\u00f3n de escritura y ejecuci\u00f3n en McAfee (ahora Intel Security) Change Control (MCC) 6.1.0 para Linux y versiones anteriores permite a usuarios autenticados cambiar archivos que forman parte de las reglas de protecci\u00f3n de escritura a trav\u00e9s de condiciones espec\u00edficas."}], "lastModified": "2017-03-16T19:38:39.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:application_control:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "70954478-492A-4133-B9C2-763E58B39C2A", "versionEndIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:mcafee:change_control:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "1FA809D9-F44D-46C8-9663-02E75574CC51", "versionEndIncluding": "6.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}