Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
History

Wed, 27 Nov 2024 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Mcafee; Mcafee total Protection |
| Weaknesses | | CWE-427 |
| CPEs | | `cpe:2.3:a:mcafee:total_protection:16.0.53:*:*:*:*:*:*:*` |
| Vendors & Products | | Mcafee; Mcafee total Protection |
| Metrics | | cvssV3_1: `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}`; ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Mon, 18 Nov 2024 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges. | Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |

Fri, 15 Nov 2024 21:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges. |
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-11-15T00:00:00

Updated: 2024-11-27T16:57:18.153Z

Reserved: 2024-10-17T00:00:00

Link: CVE-2024-49592

Vulnrichment

Updated: 2024-11-27T16:57:11.271Z

NVD

Status: Awaiting Analysis

Published: 2024-11-15T21:15:11.070

Modified: 2024-11-27T17:15:12.093

Link: CVE-2024-49592

Redhat

No data.