CVE-2024-49592

MEDIUM

McAfee Total Protection <16.0.53 - Privilege Escalation

Title source: llm

Description

Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References (1)

Core 1

Core References

Various Sources

https://www.mcafee.com/support/s/article/000002516?language=en_US

Scores

CVSS v3 6.7

EPSS 0.0021

EPSS Percentile 10.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Published Nov 15, 2024

Tracked Since Feb 18, 2026