CVE-2022-0280
McAfee Total Protection (MTP) - File Deletion vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
Se presenta una vulnerabilidad de condición de carrera en la función QuickClean de McAfee Total Protection para Windows versiones anteriores a 16.0.43, que permite a un usuario local alcanzar una elevación de privilegios y llevar a cabo una eliminación arbitraria de archivos. Esto podría conllevar a una eliminación de archivos confidenciales y causar potencialmente una denegación de servicio. Este ataque explota la forma en que son creados los enlaces simbólicos y cómo el producto trabaja con ellos
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-19 CVE Reserved
- 2022-03-10 CVE Published
- 2023-11-16 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view | 2023-11-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Affected
| in | Mcafee Search vendor "Mcafee" | Total Protection Search vendor "Mcafee" for product "Total Protection" | < 16.0.43 Search vendor "Mcafee" for product "Total Protection" and version " < 16.0.43" | - |
Safe
|