CVE-2020-7299

EUVD-2020-28426
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
trellixCNA
5 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
mcafeetrue_key
𝑥
< 6.2.109.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103066&_afrLoop=1258314779734827&leftWidth=0%25&showFooter=false&showHeader=false&rightWidth=0%25&centerWidth=100%25
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103066&_afrLoop=1258314779734827&leftWidth=0%25&showFooter=false&showHeader=false&rightWidth=0%25&centerWidth=100%25