
CVE-2022-37025
https://notcve.org/view.php?id=CVE-2022-37025
18 Aug 2022 — An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file. Una vulnerabilidad de administración de privilegios inapropiada en McAfee Security Scan Plus (MSS+) versiones anteriores a 4.1.262.1 podría perm... • https://attack.mitre.org/techniques/T1218 • CWE-269: Improper Privilege Management •

CVE-2017-3897 – McAfee Security Scan Plus - Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-3897
01 Sep 2017 — A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. Una vulnerabilidad de inyección de código en el mecanismo de autenticación no basado en certificados en McAfee Live Safe en versiones anteriores a la 16.0.3 y McAfee Security Scan Plus (MSS+) en versiones anteriores a la 3.1... • https://www.exploit-db.com/exploits/44067 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2016-8008
https://notcve.org/view.php?id=CVE-2016-8008
14 Mar 2017 — Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system. Vulnerabilidad de escalada de privilegios en Windows 7 y Windows 10 en McAfee Security Scan Plus (SSP) 3.11.376 permite a atacantes cargar un reemplazo del archivo version.dll a través de McAfee McUICnt.exe en un sistema Windows. • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102593 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2016-8026
https://notcve.org/view.php?id=CVE-2016-8026
14 Mar 2017 — Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. Vulnerabilidad de ejecución de comandos arbitrarios en Intel Security McAfee Security Scan Plus (SSP) 3.11.469 y versiones anteriores permite a usuarios autenticados obtener privilegios elevados a través de vectores no especificados. • http://www.securityfocus.com/bid/98068 • CWE-264: Permissions, Privileges, and Access Controls •