Skip to main content

Total Protection CVE-2023-24577

MEDIUM
Improper Link Resolution Before File Access (CWE-59)
2023-03-13 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 13, 2023 - 13:15 nvd
MEDIUM 5.5

DescriptionNVD

McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks.

AnalysisAI

McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-59. McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks. Affected products include: Mcafee Total Protection. Version information: prior to 16.0.50.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-7330 HIGH
8.8 Oct 14

Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to sched

CVE-2020-7283 HIGH
8.8 Jul 03

Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edi

CVE-2020-7298 HIGH
8.4 Aug 05

Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real tim

CVE-2022-43751 HIGH
7.8 Nov 23

McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the u

CVE-2021-23877 HIGH
7.8 Oct 26

Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x ma

CVE-2021-23891 HIGH
7.8 May 12

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevate

CVE-2021-23872 HIGH
7.8 May 12

Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a

CVE-2021-23876 HIGH
7.8 Feb 10

Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated priv

CVE-2021-23874 HIGH
7.8 Feb 10

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain

CVE-2020-7335 HIGH
7.8 Dec 01

Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows loc

CVE-2019-3636 HIGH
7.8 Oct 28

A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed

CVE-2019-3593 HIGH
7.1 Jan 28

Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0

Share

CVE-2023-24577 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy