CVE-2013-7460
First published: Tue Mar 14 2017(Updated: )
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Application Control | <=6.1.0 | |
| Mcafee Change Control | <=6.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-7460?
CVE-2013-7460 is categorized as a medium severity vulnerability due to its potential for unauthorized changes to whitelisted binaries.
How do I fix CVE-2013-7460?
To mitigate CVE-2013-7460, upgrade McAfee Application Control or Change Control to versions later than 6.1.0.
Who is affected by CVE-2013-7460?
CVE-2013-7460 affects users of McAfee Application Control and Change Control versions 6.1.0 for Linux and earlier.
What types of attacks can exploit CVE-2013-7460?
CVE-2013-7460 can be exploited to modify binaries on the application control whitelist and run unauthorized applications.
Is authentication required to exploit CVE-2013-7460?
Yes, CVE-2013-7460 requires authenticated access to exploit the write protection and execution bypass vulnerability.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- vendor/mcafee
- canonical/mcafee application control
- version/mcafee application control/6.1.0
- canonical/mcafee change control
- version/mcafee change control/6.1.0