Lucene search

TrellixCVELIST:CVE-2022-0815

HistoryMar 10, 2022 - 10:30 p.m.

CVE-2022-0815 McAfee WebAdvisor - Extension Fingerprinting vulnerability

2022-03-1022:30:11

CWE-668

trellix

www.cve.org

mcafee webadvisor

extension fingerprinting

vulnerability

improper access control

chrome

edge

remote attacker

user system

targeted scams

malicious software

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

EPSS

0.002

Percentile

51.4%

JSON

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected.

CNA Affected

[
  {
    "product": "McAfee WebAdvisor",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThanOrEqual": "8.1.0.1895",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

EPSS

0.002

Percentile

51.4%

JSON

Related for CVELIST:CVE-2022-0815