CVE-2021-23874
McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
Una vulnerabilidad de ejecución arbitraria de procesos en McAfee Total Protection (MTP) versiones anteriores a 16.0.30, permite a un usuario local alcanzar privilegios elevados y ejecutar código arbitrario omitiendo la autodefensa de MTP
McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-12 CVE Reserved
- 2021-02-10 CVE Published
- 2021-11-03 Exploited in Wild
- 2021-11-17 KEV Due Date
- 2023-11-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
http://service.mcafee.com/FAQDocument.aspx?&id=TS103114 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mcafee Search vendor "Mcafee" | Total Protection Search vendor "Mcafee" for product "Total Protection" | < 16.0.30 Search vendor "Mcafee" for product "Total Protection" and version " < 16.0.30" | - |
Affected
|