CVE-2018-6674 Vulnerability Details

  /     /     /  

CVE-2018-6674 Metadata Quick Info

CVE Published: 25/05/2018 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: trellix | Vendor: McAfee, LLC | Product: VirusScan Enterprise (VSE)
Status : PUBLISHED

CVE-2018-6674 Description

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user\'s privileges).

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-264
CWE Name: Permissions, Privileges, and Access Control (CWE-264)
Source: McAfee, LLC

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).