CVE-2024-49592

Опубликовано: 15 нояб. 2024

Источник: nvd

CVSS3: 6.7

EPSS Низкий

Описание

Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Ссылки

https://www.mcafee.com/support/s/article/000002516?language=en_US

EPSS

Процентиль: 11%

0.00037

Низкий

6.7 Medium

CVSS3

Дефекты

CWE-427

Связанные уязвимости

GHSA-8948-x7rf-6ghj

CVSS3: 6.7

github

около 1 года назад

McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges.

BDU:2024-10893

CVSS3: 6.7

fstec

больше 1 года назад

Уязвимость установщика McAfee Direct Stub Installer средства антивирусной защиты McAfee Total Protection, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

EPSS

Процентиль: 11%

0.00037

Низкий

6.7 Medium

CVSS3

Дефекты

CWE-427