McAfee Total Protection (MTP) privilege escalation vulnerability
CVE-2021-23873

7.8HIGH

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Total Protection (mtp)
Vendor: CVE Published:; 10 February 2021

Summary

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.

Affected Version(s)

McAfee Total Protection (MTP) Windows < 16.0.30

References

http://service.mcafee.com/FAQDocument.aspx?&id=TS103114

x_refsource_CONFIRM

https://www.zerodayinitiative.com/advisories/ZDI-21-175/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 10, 2021
Vulnerability Reserved
Jan 12, 2021