Vulnerability Detail

Enriched intelligence for a single CVE

PRO Back to KEVs

8.2

CVSS
High

CVE-2021-23874

PUBLISHED

McAfee Total Protection (MTP) privilege escalation vulnerability

Exploited in the wild Low complexity

Vendor: McAfee,LLC
Product: McAfee Total Protection (MTP)
Published: Feb 10, 2021
EPSS: —

Automate This Intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

cisa

Weaknesses (CWE)

CWE-269

Improper Privilege Management

CVSS Scores

CVSS v3.1 8.2 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Exploitation Status

Exploited in the wild

Recorded 2021-11-03 00:00:00 UTC · CISA

References

http://service.mcafee.com/FAQDocument.aspx?&id=TS103114

Known Exploited Vulnerability Sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA First	2021-11-03 00:00 UTC

Timeline

Added to KEVIntel

2021-11-03 00:00 UTC
CVE Published to Public

2021-02-10 10:25 UTC
CVE ID Reserved

2021-01-12 00:00 UTC