← voltar
CVE-2022-0280

McAfee Total Protection (MTP) - File Deletion vulnerability

CVSS 7.5 HIGHEPSS 0.3%CWE-367
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 0.3%KEV nãoPoC Patch
Ciclo de vida
10 mar 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Produtos afetados
McAfee · McAfee Total Protection for Windows

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view