CVE-2021-23874

HIGH KEV

Mcafee Total Protection < 16.0.30 - Improper Privilege Management

Title source: rule

Description

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

References (2)

[Broken Link] http://service.mcafee.com/FAQDocument.aspx?&id=TS103114

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-23874

Scores

CVSS v3 8.2

EPSS 0.0085

EPSS Percentile 75.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-11-03

ENISA EUVD EUVD-2021-10800

CWE

CWE-269 CWE-732

Status published

Products (1)

mcafee/total_protection < 16.0.30

Published Feb 10, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026