Vulnerability Details CVE-2021-23874
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.5%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 4.6
Proposed Action
McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.
Ransomware Campaign
Unknown
References
Products affected by CVE-2021-23874
-
cpe:2.3:a:mcafee:total_protection:-
-
cpe:2.3:a:mcafee:total_protection:16.0.18
-
cpe:2.3:a:mcafee:total_protection:16.0.29
-
cpe:2.3:a:mcafee:total_protection:4.0.161.1
-
cpe:2.3:a:mcafee:total_protection:4.0.176.1
-
cpe:2.3:a:mcafee:total_protection:4.6