CVE-2020-7299

Sensitive Data Exposure vulnerability in McAfee True Key Windows Client

CVSS 5 MEDIUMEPSS 0.4%CWE-522

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

04 sep 2020Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

Productos afectados

McAfee,LLC · McAfee True Key Windows client

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103066&_afrLoop=1258314779734827&leftWidth=0%25&showFooter=false&showHeader=false&rightWidth=0%25&centerWidth=100%25