CVE-2020-7299 - OpenCVE

Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mcafee	True Key

Configuration 1 [-]

cpe:2.3:a:mcafee:true_key:*:*:*:*:*:windows:*:*

No data.

References

Link	Providers
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103066&_afrLoop=1258314779734827&leftWidth=0%25&showFooter=false&showHeader=false&rightWidth=0%25&centerWidth=100%25

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2020-09-04T14:05:21.286070Z

Updated: 2024-09-16T19:05:05.653Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7299

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-09-04T14:15:11.457

Modified: 2023-11-07T03:25:55.550

Link: CVE-2020-7299

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "McAfee True Key Windows client", "vendor": "McAfee,LLC", "versions": [{"lessThan": "6.2.110.8", "status": "affected", "version": "6.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "McAfee credits nestedif for responsibly reporting this flaw."}], "datePublic": "2020-09-04T00:00:00", "descriptions": [{"lang": "en", "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-04T14:05:21", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103066&_afrLoop=1258314779734827&leftWidth=0%25&showFooter=false&showHeader=false&rightWidth=0%25&centerWidth=100%25"}], "source": {"discovery": "EXTERNAL"}, "title": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "DATE_PUBLIC": "2020-09-04T00:00:00.000Z", "ID": "CVE-2020-7299", "STATE": "PUBLIC", "TITLE": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee True Key Windows client", "version": {"version_data": [{"version_affected": "<", "version_name": "6.x", "version_value": "6.2.110.8"}]}}]}, "vendor_name": "McAfee,LLC"}]}}, "credit": [{"lang": "eng", "value": "McAfee credits nestedif for responsibly reporting this flaw."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-522: Insufficiently Protected Credentials"}]}]}, "references": {"reference_data": [{"name": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103066&_afrLoop=1258314779734827&leftWidth=0%25&showFooter=false&showHeader=false&rightWidth=0%25&centerWidth=100%25", "refsource": "CONFIRM", "url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103066&_afrLoop=1258314779734827&leftWidth=0%25&showFooter=false&showHeader=false&rightWidth=0%25&centerWidth=100%25"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:25:49.069Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103066&_afrLoop=1258314779734827&leftWidth=0%25&showFooter=false&showHeader=false&rightWidth=0%25&centerWidth=100%25"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2020-7299", "datePublished": "2020-09-04T14:05:21.286070Z", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-09-16T19:05:05.653Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:true_key:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B2B59499-7183-485D-B3D1-D6B1DA0A97C2", "versionEndExcluding": "6.2.109.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."}, {"lang": "es", "value": "Una vulnerabilidad de Almacenamiento de Informaci\u00f3n Confidencial en la Memoria en Texto Sin Cifrar en el cliente de Microsoft Windows en McAfee True Key (TK) anterior a versi\u00f3n 6.2.109.2, permite a un usuario local iniciar sesi\u00f3n con privilegios administrativos para acceder a contrase\u00f1as de otro usuario en la misma m\u00e1quina mediante la activaci\u00f3n de un volcado de proceso en situaciones espec\u00edficas"}], "id": "CVE-2020-7299", "lastModified": "2023-11-07T03:25:55.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 4.0, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2020-09-04T14:15:11.457", "references": [{"source": "trellixpsirt@trellix.com", "url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103066&_afrLoop=1258314779734827&leftWidth=0%25&showFooter=false&showHeader=false&rightWidth=0%25&centerWidth=100%25"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}