Multiple vulnerabilities in McAfee Total Protection



Published: 2021-02-15
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2021-23873
CVE-2021-23874
CVE-2021-23875
CVE-2021-23876
CWE-ID CWE-269
Exploitation vector Local
Public exploit Vulnerability #2 is being exploited in the wild.
Vulnerable software
Subscribe 		McAfee Total Protection (MTP)
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper Privilege Management

EUVDB-ID: #VU50679

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23873

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management within the implementation of the QuickClean feature. A local user can escalate privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

McAfee Total Protection (MTP): before 16.0.30

External links

http://service.mcafee.com/FAQDocument.aspx?&id=TS103114
http://www.zerodayinitiative.com/advisories/ZDI-21-175/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Privilege Management

EUVDB-ID: #VU50680

Risk: Low

CVSSv3.1: 7.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-23874

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management. A local user can gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

McAfee Total Protection (MTP): before 16.0.30

External links

http://service.mcafee.com/FAQDocument.aspx?&id=TS103114


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Improper Privilege Management

EUVDB-ID: #VU50681

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23875

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management. A local user can execute specially constructed malware, gain elevated privileges and perform arbitrary file deletion as the SYSTEM user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

McAfee Total Protection (MTP): before 16.0.30

External links

http://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103114&_afrLoop=1024260623598121&leftWidth=0%25&showFooter=false&showHeader=false&rightWi


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Privilege Management

EUVDB-ID: #VU50682

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23876

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management. A local user can execute specially constructed malware, bypass remote procedure call, gain elevated privileges and perform arbitrary file modification as the SYSTEM user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

McAfee Total Protection (MTP): before 16.0.30

External links

http://service.mcafee.com/FAQDocument.aspx?&id=TS103114


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###