CVE-2022-1823

McAfee MCPR privilege escalation

CVSS 7.9 HIGHEPSS 0.3%CWE-269

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.9EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 jun 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Productos afectados

McAfee,LLC · McAfee Consumer Product Removal Tool

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://service.mcafee.com/?articleId=TS103318&page=shell&shell=article-view