CVE-2022-1823

HIGH

Mcafee Consumer Product Removal Tool - Improper Privilege Management

Title source: rule

Description

Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file.

References (1)

[Vendor Advisory] https://service.mcafee.com/?articleId=TS103318&page=shell&shell=article-view

Scores

CVSS v3 7.9

EPSS 0.0017

EPSS Percentile 38.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Classification

CWE

CWE-269

Status published

Affected Products (1)

mcafee/consumer_product_removal_tool < 10.4.128

Timeline

Published Jun 20, 2022

Tracked Since Feb 18, 2026