CVE-2014-9920 — MEDIUM (5.9)

Vulnerability Description

Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Mcafee	Application Control	6.0.0

Related Weaknesses (CWE)

CWE-284

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10077Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10077Vendor Advisory

FAQ

What is CVE-2014-9920?

CVE-2014-9920 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before...

How severe is CVE-2014-9920?

CVE-2014-9920 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-9920?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Application Control.