McAfee Total Protection
by McAfee
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-49592 | Med | 0.44 | 6.7 | 0.00 | Nov 15, 2024 | Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called… | ||
| CVE-2021-23874 | 0.12 | — | 0.01 | KEV | Feb 10, 2021 | Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. | ||
| CVE-2023-25134 | 0.00 | — | 0.00 | Mar 21, 2023 | McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload. | |||
| CVE-2023-24578 | 0.00 | — | 0.00 | Mar 13, 2023 | McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks. | |||
| CVE-2023-24579 | 0.00 | — | 0.00 | Mar 13, 2023 | McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. | |||
| CVE-2023-24577 | 0.00 | — | 0.00 | Mar 13, 2023 | McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks. | |||
| CVE-2022-43751 | 0.00 | — | 0.00 | Nov 22, 2022 | McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary… | |||
| CVE-2022-0280 | 0.00 | — | 0.00 | Mar 10, 2022 | A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially… | |||
| CVE-2021-23877 | 0.00 | — | 0.00 | Oct 26, 2021 | Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP. | |||
| CVE-2021-23872 | 0.00 | — | 0.00 | May 12, 2021 | Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface. | |||
| CVE-2021-23891 | 0.00 | — | 0.00 | May 12, 2021 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense. | |||
| CVE-2021-23876 | 0.00 | — | 0.00 | Feb 10, 2021 | Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware. | |||
| CVE-2021-23873 | 0.00 | — | 0.00 | Feb 10, 2021 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating… | |||
| CVE-2020-7335 | 0.00 | — | 0.00 | Dec 1, 2020 | Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing… | |||
| CVE-2020-7330 | 0.00 | — | 0.00 | Oct 14, 2020 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables | |||
| CVE-2020-7310 | 0.00 | — | 0.00 | Aug 21, 2020 | Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended… | |||
| CVE-2020-7298 | 0.00 | — | 0.00 | Aug 5, 2020 | Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. | |||
| CVE-2020-7283 | 0.00 | — | 0.00 | Jul 3, 2020 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on… | |||
| CVE-2020-7281 | 0.00 | — | 0.00 | Jul 3, 2020 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through… | |||
| CVE-2020-7282 | 0.00 | — | 0.00 | Jul 3, 2020 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through… |
- risk 0.44cvss 6.7epss 0.00
Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called…
- risk 0.12cvss —epss 0.01
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
- CVE-2023-25134Mar 21, 2023risk 0.00cvss —epss 0.00
McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.
- CVE-2023-24578Mar 13, 2023risk 0.00cvss —epss 0.00
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks.
- CVE-2023-24579Mar 13, 2023risk 0.00cvss —epss 0.00
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.
- CVE-2023-24577Mar 13, 2023risk 0.00cvss —epss 0.00
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks.
- CVE-2022-43751Nov 22, 2022risk 0.00cvss —epss 0.00
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary…
- CVE-2022-0280Mar 10, 2022risk 0.00cvss —epss 0.00
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially…
- CVE-2021-23877Oct 26, 2021risk 0.00cvss —epss 0.00
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.
- CVE-2021-23872May 12, 2021risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface.
- CVE-2021-23891May 12, 2021risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
- CVE-2021-23876Feb 10, 2021risk 0.00cvss —epss 0.00
Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.
- CVE-2021-23873Feb 10, 2021risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating…
- CVE-2020-7335Dec 1, 2020risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing…
- CVE-2020-7330Oct 14, 2020risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables
- CVE-2020-7310Aug 21, 2020risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended…
- CVE-2020-7298Aug 5, 2020risk 0.00cvss —epss 0.00
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
- CVE-2020-7283Jul 3, 2020risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on…
- CVE-2020-7281Jul 3, 2020risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through…
- CVE-2020-7282Jul 3, 2020risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through…
Page 1 of 2