CVE-2023-0221

Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://kcm.trellix.com/corporate/index?page=content&id=SB10370	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:application_and_change_control:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:59

Type	Values Removed	Values Added
Summary	Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.	Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.

Information

Published : 2023-01-13 16:15

Updated : 2024-02-28 19:51

NVD link : CVE-2023-0221

Mitre link : CVE-2023-0221

CVE.ORG link : CVE-2023-0221

JSON object : View

Products Affected

mcafee

application_and_change_control

CWE

CWE-269

Improper Privilege Management

4.4 /10