HIGH🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-23874

CVSS 8.2v3.1pub. 2021-02-10upd. 2025-11-03

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Mcafee Total Protection

    APP
    Mcafee
    < 16.0.30

CISA KEV — detailsi

Vendori
McAfee
Producti
McAfee Total Protection (MTP)
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
November 17, 2021(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 17 listopada 2021
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2022-43751HIGH7.8ten sam produkt

McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability du...

CVE-2022-0280HIGH7.5ten sam produkt

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior t...

CVE-2021-23872HIGH7.8ten sam produkt

Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.3...

CVE-2021-23891HIGH7.8ten sam produkt

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to ga...

CVE-2021-23873HIGH7.8ten sam produkt

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to ga...