cnvd - cnvd-2022-22271

cnvd-2022-22271

Vulnerability from cnvd

Title: Mcafee McAfee Total Protection竞争条件漏洞

Description:

Mcafee McAfee Total Protection（MTP）是美国迈克菲（Mcafee）公司的一套防病毒软件。

McAfee Total Protection for Windows 16.0.43之前存在竞争条件漏洞，本地攻击者可利用该漏洞获取权限提升并执行任意文件删除。

Severity: 低

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://service.mcafee.com/

Reference: https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view

Impacted products

Name
McAfee McAfee Total Protection for Windows <16.0.43

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-0280"
    }
  },
  "description": "Mcafee McAfee Total Protection\uff08MTP\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08Mcafee\uff09\u516c\u53f8\u7684\u4e00\u5957\u9632\u75c5\u6bd2\u8f6f\u4ef6\u3002\n\nMcAfee Total Protection for Windows 16.0.43\u4e4b\u524d\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u63d0\u5347\u5e76\u6267\u884c\u4efb\u610f\u6587\u4ef6\u5220\u9664\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://service.mcafee.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-22271",
  "openTime": "2022-03-24",
  "products": {
    "product": "McAfee McAfee Total Protection for Windows \u003c16.0.43"
  },
  "referenceLink": "https://service.mcafee.com/?articleId=TS103271\u0026page=shell\u0026shell=article-view",
  "serverity": "\u4f4e",
  "submitTime": "2022-03-14",
  "title": "Mcafee McAfee Total Protection\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e"
}

CVE-2022-0280 (GCVE-0-2022-0280)

Vulnerability from cvelistv5

Published

2022-03-10 22:35

Modified

2024-08-02 23:25

Severity ?

7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Summary

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.

References

▼	URL	Tags
	https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	McAfee	McAfee Total Protection for Windows	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://service.mcafee.com/?articleId=TS103271\u0026page=shell\u0026shell=article-view"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "McAfee Total Protection for Windows",
          "vendor": "McAfee",
          "versions": [
            {
              "lessThanOrEqual": "16.0.42",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-10T22:35:09",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://service.mcafee.com/?articleId=TS103271\u0026page=shell\u0026shell=article-view"
        }
      ],
      "source": {
        "advisory": "TS103271",
        "discovery": "EXTERNAL"
      },
      "title": "McAfee Total Protection (MTP) - File Deletion vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2022-0280",
          "STATE": "PUBLIC",
          "TITLE": "McAfee Total Protection (MTP) - File Deletion vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "McAfee Total Protection for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "16.0.42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://service.mcafee.com/?articleId=TS103271\u0026page=shell\u0026shell=article-view",
              "refsource": "MISC",
              "url": "https://service.mcafee.com/?articleId=TS103271\u0026page=shell\u0026shell=article-view"
            }
          ]
        },
        "source": {
          "advisory": "TS103271",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2022-0280",
    "datePublished": "2022-03-10T22:35:09",
    "dateReserved": "2022-01-19T00:00:00",
    "dateUpdated": "2024-08-02T23:25:40.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted