CVE-2022-1823
HIGHMcAfee Consumer Product Removal Tool < 10.4.128 - Privilege Escalation via Configuration File Tampering
Title source: llmDescription
Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://service.mcafee.com/?articleId=TS103318&page=shell&shell=article-view
Scores
CVSS v3
7.9
EPSS
0.0004
EPSS Percentile
12.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
mcafee/consumer_product_removal_tool
< 10.4.128
Published
Jun 20, 2022
Tracked Since
Feb 18, 2026