CVE-2022-1824

HIGH

Mcafee Consumer Product Removal Tool - Uncontrolled Search Path

Title source: rule

Description

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary code as there were insufficient checks on the executable being signed by McAfee.

References (1)

[Vendor Advisory] https://service.mcafee.com/?articleId=TS103318&page=shell&shell=article-view

Scores

CVSS v3 7.9

EPSS 0.0023

EPSS Percentile 45.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

mcafee/consumer_product_removal_tool < 10.4.128

Timeline

Published Jun 20, 2022

Tracked Since Feb 18, 2026