
CVE-2023-0221
https://notcve.org/view.php?id=CVE-2023-0221
13 Jan 2023 — Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. • https://kcm.trellix.com/corporate/index?page=content&id=SB10370 • CWE-269: Improper Privilege Management

CVE-2021-31833
https://notcve.org/view.php?id=CVE-2021-31833
04 Jan 2022 — Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged-in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match the name of any configured updater and perform a specific set of steps, resulting in the renamed binary being run. • https://kc.mcafee.com/corporate/index?page=content&id=SB10370 • CWE-269: Improper Privilege Management

CVE-2020-7334 – Improper privilege assignment vulnerability in the installer component of MACC
https://notcve.org/view.php?id=CVE-2020-7334
15 Oct 2020 — Improper privilege assignment vulnerability in the installer of McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software. • https://kc.mcafee.com/corporate/index?page=content&id=SB10333 • CWE-266: Incorrect Privilege Assignment • CWE-269: Improper Privilege Management

CVE-2020-7309 – Cross Site Scripting vulnerability in ePO extension of MACC
https://notcve.org/view.php?id=CVE-2020-7309
26 Aug 2020 — Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. • https://kc.mcafee.com/corporate/index?page=content&id=SB10324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-7260 – MACC installer DLL side loading
https://notcve.org/view.php?id=CVE-2020-7260
26 Mar 2020 — DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. • https://kc.mcafee.com/corporate/index?page=content&id=SB10313 • CWE-264: Permissions, Privileges, and Access Controls • CWE-426: Untrusted Search Path

CVE-2018-6668 – Bypass Application Control with simple DLL
https://notcve.org/view.php?id=CVE-2018-6668
31 Dec 2018 — A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with a simple DLL through interpreters such as PowerShell. • http://www.securityfocus.com/bid/106282

CVE-2018-6669 – Bypass Application Control through an ASP.NET form
https://notcve.org/view.php?id=CVE-2018-6669
20 Dec 2018 — A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. • http://www.securityfocus.com/bid/106282 • CWE-425: Direct Request ('Forced Browsing')

CVE-2017-3912 – McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass
https://notcve.org/view.php?id=CVE-2017-3912
18 Sep 2018 — Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility. • http://www.securityfocus.com/bid/102988 • CWE-274: Improper Handling of Insufficient Privileges • CWE-287: Improper Authentication

CVE-2018-6690 – McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC
https://notcve.org/view.php?id=CVE-2018-6690
18 Sep 2018 — Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from an external system. • https://cert-portal.siemens.com/productcert/pdf/ssa-674165.pdf • CWE-346: Origin Validation Error

CVE-2016-8009
https://notcve.org/view.php?id=CVE-2016-8009
14 Mar 2017 — Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via unauthorized use of an IOCTL call. • https://kc.mcafee.com/corporate/index?page=content&id=SB10175 • CWE-264: Permissions, Privileges, and Access Controls