CVE-2022-0280 – McAfee Total Protection (MTP) - File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2022-0280
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them. Se presenta una vulnerabilidad de condición de carrera en la función QuickClean de McAfee Total Protection para Windows versiones anteriores a 16.0.43, que permite a un usuario local alcanzar una elevación de privilegios y llevar a cabo una eliminación arbitraria de archivos. Esto podría conllevar a una eliminación de archivos confidenciales y causar potencialmente una denegación de servicio. • https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2021-23877 – McAfee Total Protection (MTP) - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2021-23877
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP. Una vulnerabilidad de escalada de privilegios en el instalador de prueba de Windows de McAfee Total Protection (MTP) versiones anteriores a 16.0.34_x, puede permitir a un usuario local ejecutar código arbitrario como usuario administrador al reemplazar un archivo temporal específico creado durante la instalación de la versión de prueba de MTP • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS103215 • CWE-269: Improper Privilege Management •
CVE-2021-23872 – Privilege Escalation vulnerability in McAfee Total Protection (MTP)
https://notcve.org/view.php?id=CVE-2021-23872
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface. Una vulnerabilidad de escalada de privilegios en el componente File Lock de McAfee Total Protection (MTP) anterior a versión 16.0.32, permite a un usuario local alcanzar privilegios elevados al manipular un enlace simbólico en la interfaz de IOTL • http://service.mcafee.com/FAQDocument.aspx?&id=TS103146 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-23891 – Privilege Escalation vulnerability in McAfee Total Protection (MTP)
https://notcve.org/view.php?id=CVE-2021-23891
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense. Una vulnerabilidad de Escalada de Privilegios en McAfee Total Protection (MTP) versiones anteriores a 16.0.32, permite a un usuario local alcanzar privilegios elevados al hacerse pasar por un token de cliente, lo que podría conllevar a omitir una autodefensa de MTP • http://service.mcafee.com/FAQDocument.aspx?&id=TS103146 • CWE-269: Improper Privilege Management •
CVE-2021-23874 – McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2021-23874
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. Una vulnerabilidad de ejecución arbitraria de procesos en McAfee Total Protection (MTP) versiones anteriores a 16.0.30, permite a un usuario local alcanzar privilegios elevados y ejecutar código arbitrario omitiendo la autodefensa de MTP McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense. • http://service.mcafee.com/FAQDocument.aspx?&id=TS103114 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •