CVE-2022-1824

HIGH

McAfee Consumer Product Removal Tool < 10.4.128 - Uncontrolled Search Path Element via Sideloading Attack

Title source: llm

Description

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary code as there were insufficient checks on the executable being signed by McAfee.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://service.mcafee.com/?articleId=TS103318&page=shell&shell=article-view

Scores

CVSS v3 7.9

EPSS 0.0006

EPSS Percentile 17.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Details

CWE

CWE-427

Status published

Products (1)

mcafee/consumer_product_removal_tool < 10.4.128

Published Jun 20, 2022

Tracked Since Feb 18, 2026