CVE-2022-37025
HIGHMcAfee Security Scan Plus < 4.1.262.1 - Privilege Escalation via Configuration File Tampering
Title source: llmDescription
An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file.
References (3)
Core 3
Core References
Product x_refsource_misc
https://www.mcafee.com/en-us/antivirus/mcafee-security-scan-plus.html
Not Applicable x_refsource_misc
https://attack.mitre.org/techniques/T1218/
Patch, Vendor Advisory x_refsource_misc
https://www.mcafee.com/support/?articleId=TS103335&page=shell&shell=article-view
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
mcafee/security_scan_plus
< 4.1.262.1
Published
Aug 18, 2022
Tracked Since
Feb 18, 2026