CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 1CVE-2020-14418
https://notcve.org/view.php?id=CVE-2020-14418
30 Jan 2021 — A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions. Se presenta una vulnerabilidad TOCTOU en madCodeHook antes del 16-07-2020, que permite a atacantes locales elevar sus privilegios a SYSTEM. Esto ocurre porque el redireccionamiento de ruta puede ocurrir por medio de vectores que involucran uniones de directorio • https://github.com/nettitude/metasploit-modules • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.7EPSS: 0%CPEs: 29EXPL: 0CVE-2017-12317
https://notcve.org/view.php?id=CVE-2017-12317
21 Oct 2017 — The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904. La aplicación Cisco AMP For Endpoints permite ... • http://www.securityfocus.com/bid/101520 • CWE-798: Use of Hard-coded Credentials •