CVE-2021-23874

McAfee Total Protection (MTP) privilege escalation vulnerability

CVSS 8.2 HIGHEPSS 1.0%● KEVCWE-269

In short

McAfee Total Protection before version 16.0.30 has a flaw that allows someone with access to your computer to run programs with high-level permissions and bypass the software's own security protections. This is dangerous because an attacker could take complete control of your system.

Technical detail

A local privilege escalation vulnerability in McAfee Total Protection prior to 16.0.30 permits authenticated local users to execute arbitrary code with elevated privileges by circumventing the application's self-defense mechanisms. The vulnerability is exploitable via local access without requiring special conditions, resulting in complete system compromise.

Summary generated and translated by AI from the official description.

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected products

McAfee,LLC · McAfee Total Protection (MTP)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://service.mcafee.com/FAQDocument.aspx?&id=TS103114 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-23874