Lucene search

TrellixCVELIST:CVE-2021-23876

HistoryFeb 10, 2021 - 10:25 a.m.

CVE-2021-23876 McAfee Total Protection (MTP) Bypass Remote Procedure call vulnerability

2021-02-1010:25:15

CWE-269

trellix

www.cve.org

mcafee total protection

bypass

remote procedure call

vulnerability

denial of service

elevated privileges

arbitrary file modification

system user

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "McAfee Total Protection (MTP)",
    "vendor": "McAfee,LLC",
    "versions": [
      {
        "lessThan": "16.0.30",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

service.mcafee.com/FAQDocument.aspx?&id=TS103114

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-23876